Grid-based intrusion detection system (GIDS): a complement security system for grid security infrastructure
Date
2004-10
Authors
Tian Choon, Ong
Abstract
The grid computing concept is similar to a multi-domain network in a
conventional distributed environment. However, the main concern in grid
computing is resource sharing in a secure environment. Grid security has
become a big challenge to the community. In the early stage of Grid Security
Infrastructure (GSI) development, GSI developers working in this area are
currently developing only the basic security components. To the best of our knowledge,
there is no well-published research and development work on Intrusion Detection
Systems (IDS) in the grid computing environment at this stage. The main objective of this
research is therefore to study IDS technology and the requirement of IDS in the grid
environment.
We proposed a framework of IDS designed for the grid, called Grid-based Intrusion
Detection System (GIDS). GIDS will function in one of the Virtual Organisations (VO) in
the grid environment to share an "intrusion detection service". The GIDS consists of three
main tiers - the agent tier, the server tier and the control center tier. Each tier plays its
distinct role in the intrusion detection task, such as data collection, data analysis and
centralised management. In the control center tier, GIDS Manager acts as the control
center for the whole system. The server tier consists of GIDS Servers that perform the
analysis task. In the agent tier, a daemon component called GIDS Agent runs as an agent on
all machines being serviced. Since the server tier and the agent
tier are required to communicate with each other, and the communication is through
the whole grid, we have to secure the communication in order to protect it from any
third party attack. In order to provide a secured channel for communication to take
place, an extra component has been added between GIDS Server and GIDS Agent,
called Secure Communicator.
As a proof of concept and functionality, the GIDS was subjected to a series of
tests. The GIDS was tested by modular test, scenario test, overhead test and scalability
test. The results of the experiments are divided into two categories: qualitative results
and quantitative results. The qualitative results serve as a "proof of concept" of the
GIDS design. The quantitative results show a low overhead at the agent's site and also a
low overhead in the whole system, including network utilisation. The quantitative results
also show that GIDS could be scaled. They also show that GIDS is timely in providing
intrusion detection service to the machines in the grid.
In conclusion, both qualitative and quantitative results prove the usefulness of
our approach in providing a solution for effective intrusion detection service in grid
computing. Apart from that, this research also raises awareness of the importance of
IDS for the grid environment in providing a multilevel security system.
Keywords
Detection system (GIDS), Grid security infrastructure