initial commit for the full summary

parent e46cffdb
This contains the following.
1. Architecture of the system.
2. Tools we are considering to work with.
3. Things to be done.
4. Challenges in that.
5. Possible Approaches
NOTE: spell check using the below command
aspell --lang=en_GB -t -c <file-name>
\title{Elastic IDS Overall Architecture Explained}
\author{Praveen Kumar Shanmugam\\
School of Computing\\
University of Utah}
This describes the overall architecture and the challenges in the
project \ldots
The main goal of the system is to make the IDS management simple and automated.
Our approach uses the capability of Software Defined Network (SDN) to manage the
network from a single point and leverage the elasticity of the cloud computing
resource and build a generic framework for the IDS management.
The Campus network consists of many services in its core network. We assume
that the whole network is SDN capable. It also contains an SDN-capable Cloud,
which is a generic Cloud service.
\section{Problem Statement}
IDS installation requires manual installation of tap points in the network
and the setup of IDS server/sensor nodes, which is a long and painstaking
process. Cloud infrastructure provides elasticity through on-demand instance
creation and deletion, and SDN provides a full view of and control over the
network; together, with the right kind of framework, they make automation
possible.
\section{Proposed Solution}
The SDN Controller in the campus network makes it possible to tap traffic at
any point in the network and deliver it to the IDS instance in the cloud. The
SDN Controller can talk to the Cloud Controller Interface to instantiate a new
IDS instance when the volume of traffic to be monitored is large or when a new
tap point is specified by the network administrator.
\section{Campus Network}
The Campus Gateway (CG) serves as the entry point of the core network, through
which all inbound and outbound traffic passes. The Campus Cloud Gateway
(CClG) forms the boundary between the campus core network and the Campus Cloud
Network. The Cloud Compute Gateway (ClCG) acts as the entry point for the
cloud traffic.

The Cloud consists of a Cloud Controller, which manages the instances in it,
and an SDN controller inside the cloud, which spans the cloud network devices
within it.

The Campus Core network also has an SDN controller, which spans the core
network devices.
\section{CNAC Interface}
We introduce a Cloud and Network Access Controller (CNAC) module, which forms
the brain of the framework. CNAC interfaces with the Cloud Controller and
the Cloud SDN Controller to control the IDS instances and the network path
for each instance. Without access to the network in the Cloud on behalf of the
IDS instance, it is very difficult to deliver the traffic of interest to it in
the same way a packet reaches its real destination.
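As an added illustration (not code from the original document or the project), a minimal Python model of the CNAC closed loop described above: tap points report observed load, CNAC decides how many IDS instances to keep, packs tap points onto them and emits the mirror rules the campus SDN controller would install. The per-instance capacity, the \texttt{ids-N} naming, the tap-point names and the rule format are all constructed assumptions.

```python
from dataclasses import dataclass, field

IDS_CAPACITY_MBPS = 1000  # assumed inspection capacity of one IDS instance (constructed)


@dataclass
class Plan:
    instances: list            # IDS instances that should be running afterwards
    assignment: dict           # tap point -> IDS instance receiving its mirrored traffic
    mirror_rules: list         # rules for the campus SDN controller to install (assumed format)
    oversubscribed: list = field(default_factory=list)  # taps whose load exceeds one instance
    scale_out: list = field(default_factory=list)       # instances CNAC must ask the cloud to create
    scale_in: list = field(default_factory=list)        # instances CNAC can ask the cloud to delete


def plan(tap_loads, running, capacity=IDS_CAPACITY_MBPS):
    """tap_loads: {tap_point: observed Mbps}; running: names of the IDS instances up now.
    Packs tap points onto instances first-fit-decreasing, then reconciles the instance set."""
    bins = []  # each bin: [remaining capacity, [tap points mirrored to this instance]]
    oversubscribed = []
    for tap, mbps in sorted(tap_loads.items(), key=lambda kv: -kv[1]):
        if mbps > capacity:
            oversubscribed.append(tap)  # flagged: a single instance cannot keep up with this tap
        for b in bins:
            if b[0] >= mbps:
                b[0] -= mbps
                b[1].append(tap)
                break
        else:
            bins.append([capacity - mbps, [tap]])
    # Reuse running instances first; create more only when the packing demands it.
    needed = len(bins)
    keep = list(running[:needed])
    new = [f"ids-{i}" for i in range(len(running), needed)]  # assumed naming scheme
    instances = keep + new
    assignment = {tap: inst for inst, (_, taps) in zip(instances, bins) for tap in taps}
    rules = [{"match": {"tap_point": tap}, "actions": ["forward_normal", f"mirror_to:{inst}"]}
             for tap, inst in sorted(assignment.items())]
    return Plan(instances, assignment, rules, oversubscribed, new, list(running[needed:]))


if __name__ == "__main__":
    # Constructed sample: one instance running, the gateway uplink alone exceeds capacity.
    taps = {"cg-uplink": 1800, "dorm-edge": 400, "library": 500, "labs": 450}
    p = plan(taps, ["ids-0"])
    print("instances:", p.instances, "create:", p.scale_out, "oversubscribed:", p.oversubscribed)
    for rule in p.mirror_rules:
        print(rule)
```

Running the block with a smaller load afterwards (e.g. `plan({"library": 100}, p.instances)`) shows the scale-in side of the loop, with the surplus instances listed in `scale_in`.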
\section{Tools Considered}
\begin{itemize}
\item Security Onion (SO) [pluggable interface for various IDS] \url{}
\item Chef: to distribute the rules of the IDS installation in Security Onion.
\item CLIPS/Drools: rule-based modules.
\end{itemize}
\section{Security Onion}
Describe Security Onion here. [TO-DO]
\section{Plumbing to be done}
\begin{itemize}
\item Security Onion is a GUI tool: tailor it to work from a single-line
installation script that automatically sets it up in sensor mode.
\item Add Chef support to SO. [optional at this point in time]
\item CNAC to support talking to the Cloud Controller to instantiate new IDS
instances.
\item CNAC to support a query interface with the SO Server to take the necessary
actions in the Campus network.
\item CNAC to talk to the Cloud SDN Controller to set up the path for IDS traffic
from the Campus Core network.
\item CNAC must have rule-based support for forming the closed-loop part
of the architecture.
\end{itemize}
% \centerline{\includegraphics[width=1.0\textwidth]{ElasticIdsArch.jpg}}
% \caption{Elastic IDS Architecture Diagram}
% \label{DM}
%\section{Previous work}\label{previous work}
%A much longer \LaTeXe{} example was written by Gil~\cite{Gil:02}.
%In this section we describe the results.
%We worked hard, and achieved very little.