Cooperative Intrusion Detection For The Next Generation Carrier Ethernet

Detalhes bibliográficos
Autor(a) principal: Jieke, Pan
Data de Publicação: 2008
Tipo de documento: Dissertação
Idioma: por
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10451/13881
Resumo: Current OSI model layer 2 network elements (NEs, e.g., bridges, switches) are complex hardware and software boxes, often running an operating system, service and administration software, that can be vulnerable to attacks, including to remote code execution inside them. The purpose of this thesis is to present an architecture to protect the Carrier Ethernet network infrastructure from attacks performed by malicious NEs against the link management protocol, Spanning Tree Protocol, and its variations. This thesis proposes that NEs are equipped with an intrusion detection component. Each detector uses a specification-based intrusion detection mechanism in order to inspect the behaviour of other NEs through the analysis of the received messages. The correct behaviour of the NEs is crafted from the standard specification of the STP protocol. If there is a deviation between current and expected behaviour, then the NE is considered to be malicious. The specification is extended with temporal pattern annotations, in order to detect certain deviations from the protocol. The results of the local detection are then transmitted to the other NEs, in order to cooperatively establish a correlation between all the NEs, so that malicious NEs can be logically removed from the network (disconnecting the ports connected to them)
id RCAP_fe0e86e47122b33c2feb19d5ec9edde3
oai_identifier_str oai:repositorio.ul.pt:10455/3074
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Cooperative Intrusion Detection For The Next Generation Carrier EthernetCooperative Intrusion DetectionSpecification-based Intrusion DetectionCarrier EthernetSpanning Tree ProtocolNetwork TopologySecurityCurrent OSI model layer 2 network elements (NEs, e.g., bridges, switches) are complex hardware and software boxes, often running an operating system, service and administration software, that can be vulnerable to attacks, including to remote code execution inside them. The purpose of this thesis is to present an architecture to protect the Carrier Ethernet network infrastructure from attacks performed by malicious NEs against the link management protocol, Spanning Tree Protocol, and its variations. This thesis proposes that NEs are equipped with an intrusion detection component. Each detector uses a specification-based intrusion detection mechanism in order to inspect the behaviour of other NEs through the analysis of the received messages. The correct behaviour of the NEs is crafted from the standard specification of the STP protocol. If there is a deviation between current and expected behaviour, then the NE is considered to be malicious. The specification is extended with temporal pattern annotations, in order to detect certain deviations from the protocol. The results of the local detection are then transmitted to the other NEs, in order to cooperatively establish a correlation between all the NEs, so that malicious NEs can be logically removed from the network (disconnecting the ports connected to them)Department of Informatics, University of LisbonCorreia, Miguel PupoRepositório da Universidade de LisboaJieke, Pan2009-02-10T13:12:42Z2008-032008-03-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10451/13881porinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-11-20T17:17:40Zoai:repositorio.ul.pt:10455/3074Portal AgregadorONGhttps://www.rcaap.pt/oai/openairemluisa.alvim@gmail.comopendoar:71602024-11-20T17:17:40Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
title Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
spellingShingle Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
Jieke, Pan
Cooperative Intrusion Detection
Specification-based Intrusion Detection
Carrier Ethernet
Spanning Tree Protocol
Network Topology
Security
title_short Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
title_full Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
title_fullStr Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
title_full_unstemmed Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
title_sort Cooperative Intrusion Detection For The Next Generation Carrier Ethernet
author Jieke, Pan
author_facet Jieke, Pan
author_role author
dc.contributor.none.fl_str_mv Correia, Miguel Pupo
Repositório da Universidade de Lisboa
dc.contributor.author.fl_str_mv Jieke, Pan
dc.subject.por.fl_str_mv Cooperative Intrusion Detection
Specification-based Intrusion Detection
Carrier Ethernet
Spanning Tree Protocol
Network Topology
Security
topic Cooperative Intrusion Detection
Specification-based Intrusion Detection
Carrier Ethernet
Spanning Tree Protocol
Network Topology
Security
description Current OSI model layer 2 network elements (NEs, e.g., bridges, switches) are complex hardware and software boxes, often running an operating system, service and administration software, that can be vulnerable to attacks, including to remote code execution inside them. The purpose of this thesis is to present an architecture to protect the Carrier Ethernet network infrastructure from attacks performed by malicious NEs against the link management protocol, Spanning Tree Protocol, and its variations. This thesis proposes that NEs are equipped with an intrusion detection component. Each detector uses a specification-based intrusion detection mechanism in order to inspect the behaviour of other NEs through the analysis of the received messages. The correct behaviour of the NEs is crafted from the standard specification of the STP protocol. If there is a deviation between current and expected behaviour, then the NE is considered to be malicious. The specification is extended with temporal pattern annotations, in order to detect certain deviations from the protocol. The results of the local detection are then transmitted to the other NEs, in order to cooperatively establish a correlation between all the NEs, so that malicious NEs can be logically removed from the network (disconnecting the ports connected to them)
publishDate 2008
dc.date.none.fl_str_mv 2008-03
2008-03-01T00:00:00Z
2009-02-10T13:12:42Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10451/13881
url http://hdl.handle.net/10451/13881
dc.language.iso.fl_str_mv por
language por
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Department of Informatics, University of Lisbon
publisher.none.fl_str_mv Department of Informatics, University of Lisbon
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv mluisa.alvim@gmail.com
_version_ 1817548826818379776

Registros relacionados