A process to transfer Fail2ban data to an adaptive enterprise intrusion detection and prevention system
| Field | Value |
|---|---|
| Authors | Lem R. Soles, Reid Turner, Dallas Snider, Cody Mallery, Frank Palmasani, Mike Ford, Michael Rabb |
| Year of publication | 2016 |
| Subject | Service (systems architecture); network security; computer science; networking and telecommunications; engineering and technology; intrusion detection system; modular design; computer security; host-based intrusion detection system; software agent; server; scalability; electrical, electronic and information engineering; artificial intelligence and image processing |
| Source | SoutheastCon 2016 |
| DOI | 10.1109/secon.2016.7506771 |
| Abstract | In this paper, we describe a process that has been developed to transfer network intrusion data captured by Fail2ban to an adaptive enterprise intrusion detection and prevention system. The process involves software agents that we have created that are interconnected to a central behavior analysis database service where each software agent records attack meta-information collected during previous intrusion attempts. These distributed agents are the first phase of an overall plan to create a smarter network defense system through the collection and analysis of network signatures generated by real security threats. The central database to which the agents report warehouses and analyzes the meta-information collected by the interconnected agents. The agents can then utilize both instantaneous and historical data by integrating rules derived from the data collection and analysis process into intrusion prevention policies. The final result will be a modular and scalable network defense system that should be more responsive and adaptable to imminent threats. |
| Database | OpenAIRE |
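As an added illustration (not code from the paper or its authors), the Python sketch below shows the kind of pipeline the abstract outlines: a per-host agent parses Fail2ban's `Ban`/`Unban` entries from `fail2ban.log` into attack meta-information records, ships them to a central store (an in-memory SQLite table stands in for the behavior analysis database), and a rule-derivation query turns the aggregated history into prevention-policy entries, rendered here as `iptables` commands. The log lines, hostnames, thresholds and the correlation rule itself (block an address banned by at least two agents, or at least three times on any one agent) are constructed assumptions for the example; the paper does not specify them.

```python
import re
import sqlite3
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional

# Fail2ban writes one line per ban/unban to fail2ban.log, e.g.
#   2016-04-02 10:15:32,118 fail2ban.actions [1274]: NOTICE [sshd] Ban 203.0.113.5
# Column padding differs between fail2ban versions, so whitespace is matched loosely.
BAN_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+"
    r"fail2ban\.actions\s*\[\d+\]:\s+NOTICE\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<action>Ban|Unban)\s+(?P<ip>\S+)\s*$"
)

# Constructed sample logs from three hypothetical agents (not real hosts or attackers).
SAMPLE_LOGS: Dict[str, List[str]] = {
    "web-01": [
        "2016-04-02 10:15:32,118 fail2ban.actions        [1274]: NOTICE  [sshd] Ban 203.0.113.5",
        "2016-04-02 10:16:01,004 fail2ban.filter         [1274]: INFO    [sshd] Found 198.51.100.7",
        "2016-04-02 10:25:32,201 fail2ban.actions        [1274]: NOTICE  [sshd] Unban 203.0.113.5",
    ],
    "web-02": [
        "2016-04-02 10:17:05,332 fail2ban.actions [2210]: NOTICE [sshd] Ban 203.0.113.5",
        "2016-04-02 10:44:50,018 fail2ban.actions [2210]: NOTICE [postfix] Ban 192.0.2.9",
    ],
    "db-01": [
        "2016-04-02 11:02:45,003 fail2ban.actions [998]: NOTICE [sshd] Ban 198.51.100.7",
        "2016-04-02 11:14:12,650 fail2ban.actions [998]: NOTICE [sshd] Ban 198.51.100.7",
        "2016-04-02 11:26:30,377 fail2ban.actions [998]: NOTICE [sshd] Ban 198.51.100.7",
    ],
}


@dataclass(frozen=True)
class BanEvent:
    """Attack meta-information one agent extracts from a single Fail2ban log line."""
    agent: str   # host the agent runs on
    jail: str    # Fail2ban jail that fired (sshd, postfix, ...)
    action: str  # "Ban" or "Unban"
    ip: str
    ts: str      # ISO-8601 timestamp of the action


def parse_fail2ban_line(agent: str, line: str) -> Optional[BanEvent]:
    """Return a BanEvent for a Ban/Unban line; None for filter chatter and unrelated lines."""
    m = BAN_LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").isoformat()
    return BanEvent(agent, m["jail"], m["action"], m["ip"], ts)


def open_central_store() -> sqlite3.Connection:
    """In-memory stand-in for the central behavior analysis database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ban_events (agent TEXT, jail TEXT, action TEXT, ip TEXT, ts TEXT)")
    return conn


def agent_report(conn: sqlite3.Connection, agent: str, lines: Iterable[str]) -> int:
    """Agent side: parse a log excerpt and record every Ban/Unban centrally. Returns rows stored."""
    events = [e for e in (parse_fail2ban_line(agent, ln) for ln in lines) if e is not None]
    conn.executemany(
        "INSERT INTO ban_events VALUES (?, ?, ?, ?, ?)",
        [(e.agent, e.jail, e.action, e.ip, e.ts) for e in events],
    )
    conn.commit()
    return len(events)


def derive_rules(conn: sqlite3.Connection, min_agents: int = 2, min_bans: int = 3) -> List[dict]:
    """Central side: correlate ban history across agents into candidate block rules.

    An address qualifies when distinct agents >= min_agents (seen enterprise-wide) or
    total bans >= min_bans (persistent against one host). Thresholds are assumptions.
    """
    rows = conn.execute(
        """
        SELECT ip, COUNT(DISTINCT agent), COUNT(*), GROUP_CONCAT(DISTINCT jail)
        FROM ban_events
        WHERE action = 'Ban'
        GROUP BY ip
        HAVING COUNT(DISTINCT agent) >= ? OR COUNT(*) >= ?
        ORDER BY COUNT(*) DESC, ip
        """,
        (min_agents, min_bans),
    ).fetchall()
    return [{"ip": ip, "agents": agents, "bans": bans, "jails": sorted(jails.split(","))}
            for ip, agents, bans, jails in rows]


def render_iptables(rules: List[dict]) -> List[str]:
    """Turn derived rules into prevention-policy lines an agent could apply (iptables syntax)."""
    return [f"iptables -I INPUT -s {r['ip']} -j DROP"
            f"  # {r['agents']} agent(s), {r['bans']} ban(s), jails: {','.join(r['jails'])}"
            for r in rules]


def run_pipeline(logs: Dict[str, List[str]] = SAMPLE_LOGS, min_agents: int = 2, min_bans: int = 3) -> List[dict]:
    """End to end: every agent reports, then the central store derives rules."""
    conn = open_central_store()
    for agent, lines in logs.items():
        agent_report(conn, agent, lines)
    return derive_rules(conn, min_agents, min_bans)


if __name__ == "__main__":
    for line in render_iptables(run_pipeline()):
        print(line)
```

With the constructed logs, 198.51.100.7 qualifies on the repeat-ban path (three bans, one agent) and 203.0.113.5 on the cross-agent path (one ban each on two agents), while 192.0.2.9 stays below both thresholds. Counting only `Ban` lines and discarding `Unban` and `Found` lines keeps the correlation from being inflated by Fail2ban's own recovery and detection chatter.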