Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2008 |
| Tipo de documento: | Dissertação |
| Idioma: | por |
| Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| Texto Completo: | http://hdl.handle.net/10451/13881 |
Resumo: | Current OSI model layer 2 network elements (NEs, e.g., bridges, switches) are complex hardware and software boxes, often running an operating system, service and administration software, that can be vulnerable to attacks, including to remote code execution inside them. The purpose of this thesis is to present an architecture to protect the Carrier Ethernet network infrastructure from attacks performed by malicious NEs against the link management protocol, Spanning Tree Protocol, and its variations. This thesis proposes that NEs are equipped with an intrusion detection component. Each detector uses a specification-based intrusion detection mechanism in order to inspect the behaviour of other NEs through the analysis of the received messages. The correct behaviour of the NEs is crafted from the standard specification of the STP protocol. If there is a deviation between current and expected behaviour, then the NE is considered to be malicious. The specification is extended with temporal pattern annotations, in order to detect certain deviations from the protocol. The results of the local detection are then transmitted to the other NEs, in order to cooperatively establish a correlation between all the NEs, so that malicious NEs can be logically removed from the network (disconnecting the ports connected to them) |
| id |
RCAP_0f49a521bea6757aa39e0d5d705b043a |
|---|---|
| oai_identifier_str |
oai:repositorio.ul.pt:10451/13881 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository_id_str |
7160 |
| spelling |
Cooperative Intrusion Detection For The Next Generation Carrier EthernetCooperative Intrusion DetectionSpecification-based Intrusion DetectionCarrier EthernetSpanning Tree ProtocolNetwork TopologySecurityCurrent OSI model layer 2 network elements (NEs, e.g., bridges, switches) are complex hardware and software boxes, often running an operating system, service and administration software, that can be vulnerable to attacks, including to remote code execution inside them. The purpose of this thesis is to present an architecture to protect the Carrier Ethernet network infrastructure from attacks performed by malicious NEs against the link management protocol, Spanning Tree Protocol, and its variations. This thesis proposes that NEs are equipped with an intrusion detection component. Each detector uses a specification-based intrusion detection mechanism in order to inspect the behaviour of other NEs through the analysis of the received messages. The correct behaviour of the NEs is crafted from the standard specification of the STP protocol. If there is a deviation between current and expected behaviour, then the NE is considered to be malicious. The specification is extended with temporal pattern annotations, in order to detect certain deviations from the protocol. The results of the local detection are then transmitted to the other NEs, in order to cooperatively establish a correlation between all the NEs, so that malicious NEs can be logically removed from the network (disconnecting the ports connected to them)Department of Informatics, University of LisbonCorreia, Miguel PupoRepositório da Universidade de LisboaJieke, Pan2009-02-10T13:12:42Z2008-032008-03-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10451/13881porinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-08T15:59:19Zoai:repositorio.ul.pt:10451/13881Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T21:35:47.471096Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
| dc.title.none.fl_str_mv |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet |
| title |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet |
| spellingShingle |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet Jieke, Pan Cooperative Intrusion Detection Specification-based Intrusion Detection Carrier Ethernet Spanning Tree Protocol Network Topology Security |
| title_short |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet |
| title_full |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet |
| title_fullStr |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet |
| title_full_unstemmed |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet |
| title_sort |
Cooperative Intrusion Detection For The Next Generation Carrier Ethernet |
| author |
Jieke, Pan |
| author_facet |
Jieke, Pan |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Correia, Miguel Pupo Repositório da Universidade de Lisboa |
| dc.contributor.author.fl_str_mv |
Jieke, Pan |
| dc.subject.por.fl_str_mv |
Cooperative Intrusion Detection Specification-based Intrusion Detection Carrier Ethernet Spanning Tree Protocol Network Topology Security |
| topic |
Cooperative Intrusion Detection Specification-based Intrusion Detection Carrier Ethernet Spanning Tree Protocol Network Topology Security |
| description |
Current OSI model layer 2 network elements (NEs, e.g., bridges, switches) are complex hardware and software boxes, often running an operating system, service and administration software, that can be vulnerable to attacks, including to remote code execution inside them. The purpose of this thesis is to present an architecture to protect the Carrier Ethernet network infrastructure from attacks performed by malicious NEs against the link management protocol, Spanning Tree Protocol, and its variations. This thesis proposes that NEs are equipped with an intrusion detection component. Each detector uses a specification-based intrusion detection mechanism in order to inspect the behaviour of other NEs through the analysis of the received messages. The correct behaviour of the NEs is crafted from the standard specification of the STP protocol. If there is a deviation between current and expected behaviour, then the NE is considered to be malicious. The specification is extended with temporal pattern annotations, in order to detect certain deviations from the protocol. The results of the local detection are then transmitted to the other NEs, in order to cooperatively establish a correlation between all the NEs, so that malicious NEs can be logically removed from the network (disconnecting the ports connected to them) |
| publishDate |
2008 |
| dc.date.none.fl_str_mv |
2008-03 2008-03-01T00:00:00Z 2009-02-10T13:12:42Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| format |
masterThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10451/13881 |
| url |
http://hdl.handle.net/10451/13881 |
| dc.language.iso.fl_str_mv |
por |
| language |
por |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Department of Informatics, University of Lisbon |
| publisher.none.fl_str_mv |
Department of Informatics, University of Lisbon |
| dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
| instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| repository.mail.fl_str_mv |
|
| _version_ |
1799134257144135680 |