Ankush Rai, F. Barbhuiya, A. Sur, S. Biswas, Suchetana Chakraborty, Sukumar Nandi
{"title":"利用分布式IDS开发STP检测技术","authors":"Ankush Rai, F. Barbhuiya, A. Sur, S. Biswas, Suchetana Chakraborty, Sukumar Nandi","doi":"10.1109/WICT.2011.6141374","DOIUrl":null,"url":null,"abstract":"Spanning tree protocol (STP) is a link layer protocol used for link management, prevention of loop formation etc. in the network. Although STP is widely used, it is still prone to many kinds of attacks that exploit the lack of security features both in basic working process and STP packet format. By exploiting STP control packet an attacker can pretend to be the new root in STP domain and perform unauthorized activities that lead to root take-over attack, STP control packet flooding, traffic redirection and so on. In this paper, a coverage based distributed intrusion detection system (DIDS) has been introduced, for the detection of attacks on STP. The proposed scheme computes a set of switches in the network that can cover the STP network completely; where every switch belongs to that set is installed with a small module of IDS. This set of IDSs logically divides the STP network into a set of local zones. All the switches in a zone is directly connected to one switch installed with IDS and thus covered by at least one IDS in STP domain. Each IDS can detect and verify any exploit inside its local zone. Additionally IDSs communicate with each other so that any exploit outside the local zone of a particular IDS can also be detected and verified. The results show that the proposed DIDS approach can detect all the STP based attacks.","PeriodicalId":178645,"journal":{"name":"2011 World Congress on Information and Communication Technologies","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Exploit detection techniques for STP using distributed IDS\",\"authors\":\"Ankush Rai, F. Barbhuiya, A. Sur, S. Biswas, Suchetana Chakraborty, Sukumar Nandi\",\"doi\":\"10.1109/WICT.2011.6141374\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Spanning tree protocol (STP) is a link layer protocol used for link management, prevention of loop formation etc. in the network. Although STP is widely used, it is still prone to many kinds of attacks that exploit the lack of security features both in basic working process and STP packet format. By exploiting STP control packet an attacker can pretend to be the new root in STP domain and perform unauthorized activities that lead to root take-over attack, STP control packet flooding, traffic redirection and so on. In this paper, a coverage based distributed intrusion detection system (DIDS) has been introduced, for the detection of attacks on STP. The proposed scheme computes a set of switches in the network that can cover the STP network completely; where every switch belongs to that set is installed with a small module of IDS. This set of IDSs logically divides the STP network into a set of local zones. All the switches in a zone is directly connected to one switch installed with IDS and thus covered by at least one IDS in STP domain. Each IDS can detect and verify any exploit inside its local zone. Additionally IDSs communicate with each other so that any exploit outside the local zone of a particular IDS can also be detected and verified. The results show that the proposed DIDS approach can detect all the STP based attacks.\",\"PeriodicalId\":178645,\"journal\":{\"name\":\"2011 World Congress on Information and Communication Technologies\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 World Congress on Information and Communication Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WICT.2011.6141374\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 World Congress on Information and Communication Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WICT.2011.6141374","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploit detection techniques for STP using distributed IDS
Spanning tree protocol (STP) is a link layer protocol used for link management, prevention of loop formation etc. in the network. Although STP is widely used, it is still prone to many kinds of attacks that exploit the lack of security features both in basic working process and STP packet format. By exploiting STP control packet an attacker can pretend to be the new root in STP domain and perform unauthorized activities that lead to root take-over attack, STP control packet flooding, traffic redirection and so on. In this paper, a coverage based distributed intrusion detection system (DIDS) has been introduced, for the detection of attacks on STP. The proposed scheme computes a set of switches in the network that can cover the STP network completely; where every switch belongs to that set is installed with a small module of IDS. This set of IDSs logically divides the STP network into a set of local zones. All the switches in a zone is directly connected to one switch installed with IDS and thus covered by at least one IDS in STP domain. Each IDS can detect and verify any exploit inside its local zone. Additionally IDSs communicate with each other so that any exploit outside the local zone of a particular IDS can also be detected and verified. The results show that the proposed DIDS approach can detect all the STP based attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
