Implementing advanced inrusion detection system by monitoring network anamalies and using encrypted access of data

Abstract

The Telnet, rlogin, rcp, rsh commands have a number of security weakness: all communications are in clear text and no machine authentication takes place. These commands are open to eavesdropping and tcp/ip address spoofing. SSH uses public/private key RSA authentication to check the identity of communicating peer machines, encryption of all data exchanged (with strong algorithms such as blowfish, 3DES, IDEA etc.). In this paper we proposed an IDS for encrypted access with SSH2 protocol to network public servers. Our proposed system detects the intrusions based on transferred data size and timing, which are available without decryption. The results reveal that the proposed system work well for different kinds of intrusions. Pre-operations are not needed and privacy is not violated. The detection is based on anomaly detection, which relies on the frequency of similar accesses and the characteristics of usual HTTP accesses. Keywords: IDS, SSH, SSH2, MD5,MAC

View PDF