Monitoring and Intrusion Detection and Forensics on High-speed Networks
Goal
Existing intrusion detection systems (IDS) have four shortcomings: 1) they are mostly host-based and do not scale to high-speed networks, so they cannot prevent the rapid propagation of the latest viruses/worms, which can infect most vulnerable machines on the Internet in only ten minutes; 2) they are mostly signature-based and unable to recognize unknown anomalies; 3) they cannot generate signatures for polymorphic worms automatically; 4) they are isolated or centralized systems. To this end we propose to monitor and detect intrusions on high-speed networks.
People
Collaborators
Past Collaborators
Projects
- IDgraph: detect intrusions through intelligent visualization.
- CDDHT: distributed IDS alert fusion through DHT.
- Reversible Sketch: an efficient data-streaming data structure that can record information on millions of packets and recover the heavy changes.
- Sketch-based IDS: an IDS built upon k-ary sketches, reversible sketches and 2D sketches.
- Token-based Signature Generation: an automated content-based signature generation system for polymorphic worms.
- Length-based Signature Generation: an automated vulnerability signature generation system for polymorphic buffer overflow worms.
Publications
- Pin Ren, Yan Gao, Zhichun Li, Yan Chen and Ben Watson, IDGraphs: Intrusion Detection and Analysis Using Histographs, in proceedings of the IEEE Workshop on Visualization for Computer Security (VizSEC) 2005.
- Pin Ren, Yan Gao, Zhichun Li, Yan Chen and Ben Watson, IDGraphs: Intrusion Detection and Analysis Using Stream Compositing, in IEEE Computer Graphics & Applications 2006.
- Robert Schweller, Zhichun Li, Yan Chen, Yan Gao, Ashish Gupta, Elliot Parsons, Yin Zhang, Peter Dinda, Ming-Yang Kao, and Gokhan Memik, Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications, in proceedings of INFOCOM 2006.
- Yan Gao, Zhichun Li, and Yan Chen, A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks, in proceedings of ICDCS 2006.
- Zhichun Li, Yan Chen, and Aaron Beach, Towards Scalable and Robust Distributed Intrusion Alert Fusion with Good Load Balancing, in proceedings of the ACM SIGCOMM Workshop on Large-Scale Attack Defense 2006.
- Zhichun Li, Manan Sanghi, Brian Chavez, Yan Chen, and Ming-Yang Kao, Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience, in proceedings of the IEEE Symposium on Security and Privacy 2006.
- Robert Schweller, Zhichun Li, Yan Chen, Yan Gao, Ashish Gupta, Elliot Parsons, Yin Zhang, Peter Dinda, Ming-Yang Kao, and Gokhan Memik, Reversible Sketches: Enabling Monitoring and Analysis over High-speed Data Streams, in IEEE/ACM Transactions on Networking, Volume 15, Issue 5, Oct 2007.
- Zhichun Li, Lanjia Wang, Yan Chen and Zhi (Judy) Fu, Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms, in proceedings of IEEE ICNP 2007.
Tools