A Novel Application of the P2P Technology for Intrusion Detection

Zoltán Czirkos (Budapest University of Technology and Economics, Hungary) and Gábor Hosszú (Budapest University of Technology and Economics, Hungary)
Copyright: © 2009 | Pages: 6
DOI: 10.4018/978-1-59904-845-1.ch081

Abstract

Network security problems have come into prominence with the growth of the Internet. This article presents a new kind of software that uses the network itself to protect hosts and increase their security. The hosts running this software create an application level network (ALN) over the Internet (Hosszú, 2005). Nodes connected to this ALN check their operating systems' log files to detect intrusion attempts. Information collected this way is then shared over the ALN to increase the security of all peers, which can then take the necessary protective steps, for example, blocking network traffic with their own firewall. Other kinds of security software that utilize the network have been written previously (Snort, 2006). The novelty of Komondor is that its client software entities, running in each host, create a peer-to-peer (P2P) overlay network (Czirkos, 2006). Organization is automatic; it requires no user interaction. This network model ensures stability, which is important for quick and reliable communication between nodes. Because of this structure, the system remains usable even over an unreliable network.
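The detect-share-block cycle described in the abstract, as an added illustration that is not Komondor's code and is not taken from the chapter: one node scans constructed OpenSSH-style auth log lines for repeated failed logins, raises an alert for each offending source, applies it to its own firewall and publishes it over a simplified overlay where every peer reaches every other directly. The log format, the failure threshold, the iptables rule syntax and the full-mesh overlay are all assumptions made for the example; the chapter does not specify them.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of an OpenSSH auth log (not real data;
# the addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Mar  3 10:01:02 host1 sshd[2201]: Failed password for root from 203.0.113.5 port 51112 ssh2
Mar  3 10:01:04 host1 sshd[2201]: Failed password for root from 203.0.113.5 port 51113 ssh2
Mar  3 10:01:07 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 51120 ssh2
Mar  3 10:02:00 host1 sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Mar  3 10:03:15 host1 sshd[2215]: Failed password for bob from 198.51.100.7 port 33001 ssh2
"""

FAILED_LOGIN_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def detect_intrusion_attempts(lines, threshold=3):
    """Scan log lines and return one alert per source address that produced at
    least `threshold` failed logins. Sources below the threshold are ignored, so
    a single mistyped password does not raise an alert."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in lines:
        m = FAILED_LOGIN_RE.search(line)
        if m is None:
            continue
        attempts[m["ip"]] += 1
        users[m["ip"]].add(m["user"])
    return [
        {"source": ip, "attempts": n, "users": users[ip]}
        for ip, n in sorted(attempts.items())
        if n >= threshold
    ]


class Peer:
    """One host running the detection software. It blocks a source either
    because it observed the attempts itself or because a peer reported them."""

    def __init__(self, name):
        self.name = name
        self.blocked = set()
        self.received = []  # (origin peer name, alert) pairs learned from others

    def apply_alert(self, alert):
        self.blocked.add(alert["source"])

    def receive_alert(self, alert, origin):
        self.received.append((origin, alert))
        self.apply_alert(alert)

    def firewall_rules(self):
        """Rules the host would hand to its own firewall (iptables syntax is an
        assumption for illustration; the chapter does not name a firewall)."""
        return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(self.blocked)]


class Overlay:
    """Simplified ALN in which every peer reaches every other directly. The real
    Komondor topology and its self-organization are not modelled here."""

    def __init__(self, peers):
        self.peers = list(peers)

    def share(self, origin, alert):
        for peer in self.peers:
            if peer is not origin:
                peer.receive_alert(alert, origin.name)


def run_node(node, log_lines, overlay, threshold=3):
    """One detection-and-share cycle for a node: check the local log, act on
    the findings locally, then publish each alert to the overlay."""
    alerts = detect_intrusion_attempts(log_lines, threshold)
    for alert in alerts:
        node.apply_alert(alert)
        overlay.share(node, alert)
    return alerts


if __name__ == "__main__":
    peers = [Peer("host1"), Peer("host2"), Peer("host3")]
    overlay = Overlay(peers)
    for alert in run_node(peers[0], SAMPLE_LOG.splitlines(), overlay):
        print(f"host1 detected {alert['attempts']} failures from {alert['source']}")
    for peer in peers:
        print(peer.name, peer.firewall_rules())
```

With the sample log, only 203.0.113.5 crosses the threshold of three failures, so host2 and host3 end up blocking an address they never saw themselves, which is the point of sharing the information over the overlay; the single failure from 198.51.100.7 stays below the threshold and is not propagated.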
Chapter Preview

The Problem Of The Intrusion

Computers connected to networks have to be protected by different means (Kemmerer & Vigna, 2002). Information stored on a computer can be of a personal or business character, private or confidential. An unauthorized person can therefore steal it; the possible cases are shown in Figure 1.

Figure 1. The types of information theft

Key Terms in this Chapter

Peer-to-Peer (P2P) Model: A communication model in which each node has the same authority and communication capability. The nodes create a virtual network, overlaid on the Internet, and organize themselves into a topology for data transmission.

Intrusion Detection System (IDS): Examines the contents of the packets allowed through the firewall. It monitors network traffic, looking for known attack signature patterns. When malicious traffic is observed, the IDS generates an alert.

Overlay Network: The applications that create an ALN work together and usually follow the P2P communication model.

Client/Server Model: A communication model in which one host has more functionality than the other. It differs from the P2P model.

Passive Network Vulnerability Scanner: Monitors network traffic at the packet layer to determine the topology and the services present. Such scanners also try to identify the vulnerabilities of the clients and servers in a specific network through direct analysis of the packet stream.

Firewall: A host or router that provides a controlled gateway to the Internet for a subnetwork, inspecting traffic and possibly dropping some network packets.

Application Level Network (ALN): The applications running in the hosts can create a virtual network from their logical connections. This is also called an overlay network. The operation of such software entities cannot be understood without knowing their logical relations. ALN software entities usually use the P2P model, not the client/server model, for communication.

Active Network Vulnerability Scanner: Such systems send packets and communicate in some manner with the systems they are auditing.
