Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection

Kai Hwang; Muralidaran Gangadharan

doi:10.1109/NCA.2001.962517

N
NCA
2001
IEEE International Symposium on Network Computing and Applications (NCA'01)
Abstract - Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Kai Hwang Articles by Muralidaran Gangadharan

IEEE International Symposium on Network Computing and Applications (NCA'01)

Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection

Cambridge, Massachusette

October 08-October 10

ISBN: 0-7695-1432-4

	ASCII Text	x
	Kai Hwang, Muralidaran Gangadharan, "Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection," Network Computing and Applications, IEEE International Symposium on, pp. 0068, IEEE International Symposium on Network Computing and Applications (NCA'01), 2001.

	BibTex	x
	@article{ 10.1109/NCA.2001.962517, author = {Kai Hwang and Muralidaran Gangadharan}, title = {Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection}, journal ={Network Computing and Applications, IEEE International Symposium on}, volume = {0}, year = {2001}, isbn = {0-7695-1432-4}, pages = {0068}, doi = {http://doi.ieeecomputersociety.org/10.1109/NCA.2001.962517}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Network Computing and Applications, IEEE International Symposium on TI - Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection SN - 0-7695-1432-4 SP EP A1 - Kai Hwang, A1 - Muralidaran Gangadharan, PY - 2001 KW - Linux clusters KW - firewall architecture KW - network security KW - intrusion detection KW - intrusion responses KW - mobile agents KW - remote method invocation (RMI) KW - and cluster computing VL - 0 JA - Network Computing and Applications, IEEE International Symposium on ER -

Kai Hwang, University of Southern California

Muralidaran Gangadharan, University of Southern California

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/NCA.2001.962517

This paper reports the design experiences and research findings of a new distributed security architecture for protecting exposed Intranets or clusters of computers from malicious attacks. We present a new approach of building micro-firewalls on network hosts to enable distributed intrusion detection with dynamic policy change, as the threat pattern changes. This distributed security can effectively counteract attacks from intruders or insiders. Three policy-update mechanisms are evaluated for achieving dynamic security: Mobile agents are shown most scalable and robust for policy update, but prone to attacks by other agents or hosts. The CORBA has the best speed performance with lower overhead. The Java-based RMI demonstrates the highest security based on the sandbox model. The optimal choice depends on the tradeoffs among operating speed, Intranet scalability, host robustness, and the security level demanded by specific network applications.

Index Terms:

Linux clusters, firewall architecture, network security,intrusion detection, intrusion responses, mobile agents, remote method invocation (RMI), and cluster computing

Citation:

Kai Hwang, Muralidaran Gangadharan, "Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection," nca, pp.0068, IEEE International Symposium on Network Computing and Applications (NCA'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.