Jizhou Sun

Intrusion detection solution to WLANs

With the increasing popularity of the wireless network, the security issue for mobile users could be even more serious than it can be expected. Here it is need to search for new architecture and mechanisms to protect the wireless networks and mobile computing application. This paper focuses on intrusion detection and security consideration in wireless local area networks (WLANs) and also presents intrusion detection for WLANs, which gives a wireless intrusion detection system and its architecture consideration. A wireless IDS is similar to a standard, wired IDS, but has additional deployment requirements as well as some unique features specific to WLAN intrusion and misuse detection. Meanwhile, we discuss some issues with wireless networks and Intrusion detection solution to wireless networks.

Honeypot and scan detection in intrusion detection system

We present an application of a honeypot in detection collaboration with an intrusion detection system. We have designed and implemented a honeypot port-scan detection system for scan detection, which can work as a module of the intrusion detection system and can also run independently. Nowadays, intrusion detection systems face more challenges, such as data overload, high false positives and negatives, and being incapable of understanding the encrypted or IPv6 packets. We introduce new data structures (such as a new link structure for slow scan) and new event mechanisms in our system, and present a new method to solve some weaknesses in known techniques, so our system can provide an early scan warning and detect some new attacks. Our tests on this system in a typical network environment show that the system has very low false positives and false negatives.

A stream cipher algorithm based on conventional encryption techniques

In this paper we present a new word-oriented stream cipher, RAINBOW, based on conventional encryption algorithms. The core of this algorithm is the keystream generator. What is used to generate the pseudo-random keystream is composed of real key and temporal key. The real key is just like the key in a block cipher, which is known by two users. But the temporal key is generated at the beginning of communication. The real key and temporal key are blended and divided into two parts. One part is taken as plaintext, the other is treated as the key in a conventional encryption algorithm (such as Triple DES, IDEA and so on). The output of the encryption is a pseudo-random keystream, which is then XORed with the plaintext to generate the ciphertext. Because of the diffusion and confusion of the conventional encryption, the real key, pseudo-random keystreams, plaintext and ciphertext hold very complex and nonlinear relations. We have performed several detailed security analysis. The cryptanalysis of RAINBOW did not reveal an attack better than exhaustive key search. The speed of this algorithm is as fast as commonly block ciphers.

TJIDS: an intrusion detection architecture for distributed network

We present TJIDS (Tianjin intrusion detection system), a network intrusion detection system whose main functionality is to detect and respond to malicious attacks in distributed network. The main novelty in TJIDS is its intelligent distributed agent architecture to enable distributed intrusion detection with dynamic policy change, as the treat pattern changes. We have adopted a multilevel agent technique, and applied genetic algorithm to this agent-based intrusion detection system. The advantage of our architecture is its ability to perform dynamic policy update in intrusion detection system through wireless net gate, and respond intrusions by distributed agents. Key concepts and preliminary results are presented.

The prediction role of hidden Markov model in intrusion detection

Information security is an issue of serious global concern. The development of Internet increases the security risk of information systems greatly. This paper utilizes HMM (hidden Markov model) to realize the forecast ability of IDS (intrusion detection system). In this model, a command sequence or a control information sequence is regarded as a series of state transitions with a certain probability. The performance of several algorithms is compared such as F-BP (forward-back propagation) algorithm, Viterbi learning algorithm, EM (expectation maximization) algorithm, etc. In order to provide a soft boundary to the decision-making, fuzzy math is also introduced to this model. By this means, the intelligence of the IDS is improved and some decision-making abilities and reasoning abilities are offered to IDS. As well this paper reports the results about our project.

Intrusion detection for wireless local area network

Wireless intrusion detection systems are an important addition to the security of wireless local area networks (WLANs). We focus on intrusion detection and security consideration in wireless local area networks. We present intrusion detection for WLANs, give wireless intrusion detection systems and system architecture considerations. We also present a conceptual model for an IDS agent. IDS agents can cooperatively participate in global intrusion detection actions. These individual IDS agents collectively form the IDS system to protect the mobile wireless network. Meanwhile, we introduce some infrastructures as elements of wireless IDS for WLANs.

The design of a distributed network intrusion detection system IA-NIDS

An intelligent agent based distributed network intrusion detection system (IA-NIDS) is presented. Compared with the current network intrusion detection techniques, IA-NIDS uses the parallel technique to reform and detect the coming packet on the application layer, which widens the scale of intrusion detection. It uses intelligent distributed mutual agent technique to enhance the ability of real time response and uses mix detection method to improve the accuracy for detecting DDOS attacks.

Recurrent network in network intrusion detection system

This paper presents a study of network intrusion detection system based on network, and proposes a method using recurrent network in network intrusion detection system. This method can be regarded as a modified Jordan recurrent network. Recurrent network is used to extract rule set of describing intrusion, pattern and features. The rule set can then be used for intrusion detection. Experiments prove that recurrent network improve performance of intrusion detection system.

A parallel scheme for IDS

Conventional intrusion detection systems (IDSs) face many challenges, such as evasion techniques, cryptography, false positives and high rate traffic. Many of them is resolved by parallel methods. In this paper a parallel scheme is proposed, which is to attempt to ease the workload by integrating a cluster into IDS, allowing tasks to be parallelly executed in the cluster. This increases performance even under hostile loads and enables efficient intrusion detection in high speed networks.

A general purpose application layer IDS

This article concentrates on the design and implementation of a general purpose application layer IDS (intrusion detection system). Being different from the traditional IDSs based on the network layer, this system can rebuild the TCP sessions and deal with different kinds of intrusions on the application layer. The whole process can be described briefly as: The system reassembles the IP packets captured by the sniffers, rebuilds the TCP sessions and provides a plug-in mechanism to process the data of different application layer protocols. Since the amount of the IP packets sniffed is very large, they are divided into different parts and send to multiple machines, where the packets are processed in parallel so that the system attains good performance, scalability, and stability. We have made some test on this system in a typical network environment and the results obtained show that the system is well designed.