Кисель Николай Николаевич
State University "National Mining University", Ukraine
The study of reliability when using
grid computing
Intruding attacks are serious problems associated with networked
systems. Intruders attempt to break into a system to gain unauthorized access,
misuse, and abuse the computer and networked system. The purpose of intrusion
detection is to identify those intrusions of various kinds. After detecting the
intrusions, the next step is to trace the locations of the intruders. Then, the
follow-up warning and protection measures can be applied (such as blacklisting,
isolation, blocking, etc.).
The intrusion detection problem is an inherent issue and is becoming a more
challenging task in collaborative computing environments, since collaborative
computing environments are typically networked systems. Moreover, not only can
there exist attacks from external attackers but malicious internal users in
collaborative computing systems may also launch attacks.
Some main types of intrusions include attempted break-ins, masquerade
attacks, and penetration of the security control system. The models to detect
these intrusions can be classified into three categories:
1. Misuse modeling
2. Anomaly modeling
3. Specification modeling.
Many intrusion detection systems, including distributed intrusion
detection systems, have been proposed. Among various intruding attacks, DoS (and
Distributed DoS) attacks are the most dangerous ones because such attacks are
easy for attackers to launch but hard to defend against at the server or victim.
Some defending approaches include single-node defending methods, multiple-node
defending methods and honeypot technology.
In order to locate the intruders, two common traceback strategies have
been proposed: the first type relies much on the routers in the network to send
their identities to the destinations of certain packets, either encoding this
information directly in rarely used bits of the IP header, or by generating a
new packet to the same destination. The second type of solutions involves centralized
management and logging of packet information on the network.
Intrusion detection and traceback systems themselves can be the (first)
targets of attacks by intruders. Hence, they should be implemented to be secure
and robust against attacks. Recently, a new powerful architecture for defending
against DoS/DDoS attacks, called Secure Overlay Service, has been proposed.
Secure Overlay Service hides the target server behind an overlay network, and
client requests cannot go to the target server directly. Instead, they must
first go to a Secure Overlay Access Point at the edge of the overlay network,
pass through several protecting/filtering layers, and finally arrive at the
target server (if they pass all checks).
The intruding attacks can be typically classified as follows:
· Attempted break-in: an attacker attempts to break into a system by trying different
passwords. This can be generally detected by abnormal behaviors, since the
attempt may generate a high rate of password verification failures with respect
to a single account or the system as a whole.
· Masquerading or successful break-in: an attacker
breaks into a system successfully via an unauthorized account and password and
masquerades as the legitimate user to do malicious things. This attack can be
detected by abnormal profiles, strange behaviors, or violations of security
constraints. The attacker may have a different login time, location, or
connection type from that of the account's legitimate user. Moreover, the
masquerader’s actions may differ considerably from those of the legitimate user.
For example, the legitimate user may spend most of his login time on editing or
compiling and linking programs, whereas the masquerader may intensively browse
directories and execute system status commands.
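
The failure-rate check described above for attempted break-ins, as an added example that is not part of the original paper. The event format, the window length and both thresholds are assumptions, and the sample events are constructed:

```python
from collections import defaultdict, deque

WINDOW = 60          # seconds of history per counter (assumed value)
PER_ACCOUNT_MAX = 3  # failures tolerated for one account per window (assumed)
SYSTEM_MAX = 5       # failures tolerated system-wide per window (assumed)

# Constructed sample events: (time in seconds, account, outcome).
EVENTS = (
    [(0, "alice", "ok"), (200, "carol", "fail"), (205, "carol", "ok")]
    + [(100 + 5 * i, "bob", "fail") for i in range(4)]       # one account, 4 failures
    + [(300 + 2 * i, f"user{i}", "fail") for i in range(6)]  # 6 accounts, 1 failure each
)

def _push(window, ts):
    """Record a failure at ts, evict entries older than WINDOW, return the count."""
    window.append(ts)
    while ts - window[0] >= WINDOW:
        window.popleft()
    return len(window)

def detect_break_ins(events):
    """Return {(scope, name): time of first alert} for abnormal failure rates.

    Two sliding windows are kept, matching the two cases in the text:
    failures for a single account and failures for the system as a whole.
    """
    per_account = defaultdict(deque)
    system = deque()
    alerts = {}
    for ts, account, outcome in sorted(events):
        if outcome != "fail":
            continue  # only password verification failures are counted
        if _push(per_account[account], ts) > PER_ACCOUNT_MAX:
            alerts.setdefault(("account", account), ts)
        if _push(system, ts) > SYSTEM_MAX:
            alerts.setdefault(("system", "*"), ts)
    return alerts

if __name__ == "__main__":
    for (scope, name), ts in detect_break_ins(EVENTS).items():
        print(f"t={ts}s: abnormal failure rate, scope={scope}, name={name}")
```

The single mistyped password for "carol" raises no alert, while the system-wide counter catches the failures that stay below the per-account threshold.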