A SPIDER ALERT IN ADVANCED NETWORKS

ABSTRACT The unbridled growth of the Internet and the network-based applications has contributed to enormous security leaks. Even the cryptographic protocols, which are used to provide secure communication, are often targeted by diverse attacks. Intrusion detection systems (ID s! are often employed to monitor network traffic and host activities that may lead to unauthori"ed accesses and attacks against vulnerable services. #ost of the conventional misuse-based and anomaly-based ID s are ineffective against attacks targeted at encrypted protocols since they heavily rely on inspecting the payload contents. To combat against attacks on encrypted protocols, we propose an anomaly-based detection system by using strategically distributed monitoring stubs (# s!. $e have categori"ed various attacks against cryptographic protocols. The # s, by sniffing the encrypted traffic, e%tract features for detecting these attacks and construct normal usage behavior profiles. &pon detecting suspicious activities due to the deviations from these normal profiles, the # s notify the victim servers, which may then take necessary actions. In addition to detecting attacks, the # s can also trace back the originating network of the attack. $e call our uni'ue approach on both Detection and Traceback in the # level. The effectiveness of the proposed detection and trace back methods are verified through e%tensive simulations and Internet datasets.

Hardware Requirements( )ardware ,-# )ard Disk 3ey 0oard #ouse #onitor *entium I+ 12 /0 tandard $indows 3eyboard - Two or Three 0utton #ouse - T4T - ./0

SOFTWARE RE !IRE"ENTS 4ront End 9ode 0ehind 0ack End 6perating ystem ( ( ( ( +I &-5 T&DI6.7ET 8221 9:.7ET ;5 E,+E, 8222 $indows <*.