Intrusion Detection for Grid Computing

Mentor:
AAKANKSHA TIWARI

By:
SANHITA DALUI(08510402709) NIKHIL KUMAR(06110402709) CHAYAN MALIK(07210402709)

TABLE OF CONTENTS

PROJECT IMPLEMENTED IN MINOR DEFINITION OF INTRUSION DETECTION SYSTEM (IDS) ARCHITECTURE OF IDS RELATION BETWEEN GRID AND IDS PROBLEM FORMULATION REFERENCES

PROJECT IMPLEMENTED IN MINOR PROJECT

Implemented Dynamic replication in grid computing to reduce data access time and to utilize network and storage resources efficiently.

Implemented

dynamic replication strategy, called BHR (bandwidth based hierarchy replication), it reduces data access time by avoiding network congestions in a data grid network.

DEFINITION OF IDS
Defined by ICSA as: The detection of intrusions or intrusions attempts either manually or via software expert systems that operate on logs or other information available from the system or the network

An intrusion is a deliberate, unauthorized attempt to access or manipulate information or system and to render them unreliable or unusable. When suspicious activity is from your internal network it can also be classified as misuse.

ARCHITECTURE:

RELATIONSHIP BETWEEN IDS AND GRID COMPUTING

Each node identifies local events that could represent security violations and sends an alert to the other nodes. Depicts the sharing of information between the IDS service and the other elements participating in the various sources, such as the log system, service, and node messages.

architecture: the node, service, event auditor, and storage service.

Node

: resources, which are accessed homogeneously through the middleware. Service : provides its functionality in the environment through the middleware, which facilitates communication. Event Auditor : is the key piece in the system. It captures data from the client. Storage Service : holds the data that the IDS service must analyze. Its important for all nodes to have access to the same data.

PROBLEM FORMULATION
IDS service increases a grids security level by applying two methods of intrusion detection.

The behavior-based method dictates how to compare recent user actions to the usual behavior. The knowledge-based method detects known trails left by attacks or certain sequences of actions from a user who might represent an The attack.

BEHAVIOR ANALYSIS

Using this method, we need to recognize expected behavior or a severe behavior deviation.
For a given intrusion sample set, the network learns to identify the intrusions using its database. However, we focus on identifying user behavioral patterns and deviations from such patterns.

With this strategy, we can cover a wider range of unknown attacks.

KNOWLEDGE BASED ANALYSIS

Using an expert system, we can describe a malicious behaviour with a rule. One advantage of using this kind of intrusion detection is that we can add new rules without modifying existing ones.
In contrast, behavior-based analysis is performed on learned behavior that cant be modified without losing the previous learning.

REFERENCES:

S. Axelsson, Research in Intrusion-Detection Systems: A Survey, tech. report Dept. Computer Eng., Chalmers Univ. of Technology, 1999. A. Schulter et al., Intrusion Detection for Computational Grids, Proc. 2nd Intl Conf. New Technologies, Mobility, and Security, IEEE Press, 2008, pp. 15. Foster et al., Security Architecture for Computational Grids, Proc. 5th ACM Conf. Computer and Communications Security, ACM Press, 1998, pp. 8392. A GRID BASED INTRUSION DETECTION SYSTEM,Alexandre Schulter, Jlio Albuquerque Reis, Fernando Koch, Carlos Becker Westphall Laboratory Federal University of Santa Catarina Florianpolis, Brazil.