期刊名称:International Journal of Computer Science & Technology
印刷版ISSN:2229-4333
电子版ISSN:0976-8491
出版年度:2012
卷号:3
期号:4
页码:167-172
语种:English
出版社:Ayushmaan Technologies
摘要:Intrusion detection is the act of detecting unwanted traffic on a network or a device. An IDS can be a piece of installed software or a physical appliance that monitors network traffic in order to detect unwanted activity and events such as illegal and malicious traffic, traffic that violates security policy, and traffic that violates acceptable use policies. The sensor networks are helpless to various attacks. In response, schemes have been proposed to identify intruders misbehaving in routing, localization, and other scenarios. Once an intruder is identified, it is isolated by its detectors. However, this is insufficient. Nodes other than these detectors should also be aware of the intruder; otherwise, the intruder can be relocated or duplicated to other places to continue attacks. To share intruder information with all sensor nodes, the detectors may generate and flood intruder reports to the whole network, directly or through trusted membership servers. Other nodes receive and record the reports to maintain their knowledge of intruders. This approach creates security problem, To address this problem, we propose a three-tier framework, consisting of a verifiable intruder reporting (VIR) scheme, a quorum based caching (QBC) scheme for efficiently propagating intruder reports to the whole network, and a collaborative Bloom Filter (CBF) scheme for handling intruder information locally. Intrusion Detection Systems (IDSs) have become widely recognized as powerful tools for identifying, deterring and deflecting malicious attacks over the network. Essential to almost every intrusion detection system is the ability to search through packets and identify content that matches known attacks. In this paper, common searching algorithms (string matching, Native, Boyer Moore and pattern matching algorithms) are examined on Ubicom Network Processor which is intended to be used as Network Intrusion Detection System (NIDS). Afterword, the suitable algorithm for Ubicom network processor is chosen which combine string matching and Native algorithms because these algorithms don’t have any type of preprocessing as Ubicom network processor doesn’t contain Micro Engine (ME) and doesn’t support multithreading which are used to speed the operation of preprocessing.
