National Journal of System and Information Technology

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Implementing Advanced Inrusion Detection System by Monitoring Network Anamalies and Using Encrypted Access of Data


     

   Subscribe/Renew Journal


The Telnet, rlogin, rcp, rsh commands have a number of security weakness: all communications are in clear text and no machine authentication takes place. These commands are open to eavesdropping and tcp/ip address spoofing. SSH uses public/private key RSA authentication to check the identity of communicating peer machines, encryption of all data exchanged (with strong algorithms such as blowfish, 3DES, IDEA etc.). In this paper we proposed an IDS for encrypted access with SSH2 protocol to network public servers. Our proposed system detects the intrusions based on transferred data size and timing, which are available without decryption. The results reveal that the proposed system work well for different kinds of intrusions. Pre-operations are not needed and privacy is not violated. The detection is based on anomaly detection, which relies on the frequency of similar accesses and the characteristics of usual HTTP accesses.

Keywords

IDS, SSH, SSH2, MD5,MAC
Subscription Login to verify subscription
User
Notifications
Font Size


  • C. Endorf, E. Schultz and J. Mellander, "Intrusion Detection & Prevention", McGraw-Hill, ISBN: 0072229543, 2004.

  • Reuters.,"Virus damage estimated at $55 billion in 2003". Jan. 2004,

  • A. Hintz, "Fingerprinting websites using traffic analysis", Workshop on Privacy Enhancing Technologies, 2002.

  • G. Bissia, M. Liberatore, D. Jensen, and B. Levine, "Privacy Vulnerabilities in Encrypted HTTPStreams", Workshop on Privacy Enhancing Technologies, 2005.

  • Q. Sun, D. Simon, Y. Wang,W. Russell, V. Padmanabhan and L. Qiu, "Statistical identification of encrypted web browsing traffic", IEEE Symposium on Security and Privacy, 2002.

  • H. Cheng And R. Avnur, "Traffic Analysis of SSL Encrypted Web Browsing", Available at: Http://www.cs.berkeley.edu/?daw/teaching/cs261- f98/projects/finalreports/ ronathan-heyning.ps, 1998.

  • S. Mistry and B. Raman, "Traffic Analysis of SSL-Encrypted Web Browsing", Available at: Http://bmrc.berkeley.edu/people/shailen/Classes/SecurityFall98 /paper.ps, 1998.

  • "Snort Intrusion detection system", Available at: www.snort.org/

  • [9] Rafeeq Ur Rehman, "Intrusion Detection Systems with Snort, Advanced IDS Techniques with Snort, Apache, MySQL, PHP,and ACID", Prentice Hall PTR, ISBN 0-13-140733-3, 2003.

  • Himanshu Dwivedi, "Implementing SSH Strategies for Optimizing the Secure Shell", Wiley Publishing, ISBN: 0-471-45880-5, 2004.

  • "The SSHv2 Protocol", available at: Http://cs.wellesley.edu/~cs342/SSH2Protocol.html

  • Daniel J. Barrett and Richard E. Silverman, "SSH, the Secure Shell, The Definitive Guide", O’Reilly & Associates Publishing, ISBN: 0-596-00011-1, 2001.

  • T. Ylonen and C. Lonvick, "The Secure Shell (SSH) ProtocolArchitecture", RFC 4251, 2006

  • G. Lu, B. Krishnamachari, C.S. Raghavendra, “An adaptive energyefficient and lowlatency MAC for data gathering in wireless sensor networks”, Proceedings of 18th International Parallel and Distributed Processing Symposium, Pages: 224, 26-30 April 2004

  • J. Chirillo, "Hack Attacks Revealed", Willy computer publishing, ISBN: 0-471-41624- X, 2001.


Abstract Views: 217

PDF Views: 2




  • Implementing Advanced Inrusion Detection System by Monitoring Network Anamalies and Using Encrypted Access of Data

Abstract Views: 217  |  PDF Views: 2

Authors

Abstract


The Telnet, rlogin, rcp, rsh commands have a number of security weakness: all communications are in clear text and no machine authentication takes place. These commands are open to eavesdropping and tcp/ip address spoofing. SSH uses public/private key RSA authentication to check the identity of communicating peer machines, encryption of all data exchanged (with strong algorithms such as blowfish, 3DES, IDEA etc.). In this paper we proposed an IDS for encrypted access with SSH2 protocol to network public servers. Our proposed system detects the intrusions based on transferred data size and timing, which are available without decryption. The results reveal that the proposed system work well for different kinds of intrusions. Pre-operations are not needed and privacy is not violated. The detection is based on anomaly detection, which relies on the frequency of similar accesses and the characteristics of usual HTTP accesses.

Keywords


IDS, SSH, SSH2, MD5,MAC

References