Abstract | ||
---|---|---|
The security of the networking infrastructure (e.g., routers and switches) in large scale enterprise or Internet service provider (ISP) networks is mainly achieved through mechanisms such as access control lists (ACLs) at the edge of the network and deployment of centralized AAA (authentication, authorization and accounting) systems governing all access to network devices. However, a misconfigured edge router or a compromised user account may put the entire network at risk. In this paper, we propose enhancing existing security measures with an intrusion detection system overseeing all network management activities. We analyze device access logs collected via the AAA system, particularly TACACS+, in a global tier-1 ISP network and extract features that can be used to distinguish normal operational activities from rogue/anomalous ones. Based on our analyses, we develop a real-time intrusion detection system that constructs normal behavior models with respect to device access patterns and the configuration and control activities of individual accounts from their long-term historical logs and alerts in real-time when usage deviates from the models. Our evaluation shows that this system effectively identifies potential intrusions and misuses with an acceptable level of overall alarm rate. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1007/978-3-642-33338-5_15 | RAID |
Keywords | Field | DocType |
access control list,network device,network management activity,device access log,network element,real-time intrusion detection system,entire network,real time,device access pattern,aaa system,intrusion detection system,tier-1 isp network | Provider Edge,Computer security,Computer science,Network security,Networking hardware,Access control,Network element,Network management,Network Access Control,Intrusion detection system | Conference |
Citations | PageRank | References |
4 | 0.44 | 14 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jie Chu | 1 | 4 | 0.44 |
Zihui Ge | 2 | 847 | 55.97 |
Richard Huber | 3 | 4 | 0.44 |
Ping Ji | 4 | 4 | 0.44 |
Jennifer Yates | 5 | 790 | 64.51 |
Yung-Chao Yu | 6 | 4 | 0.44 |