Abstract

The JiNao IDS project focuses on detecting intrusions, especially insider attacks against link state routing protocols such as OSPF. One important feature of the JiNao system is its integrated network management (INM) capability. Through SNMP and distributed programming interface (DPI), we can manage and control distributed JiNao IDS remotely, interoperate with other JiNao systems to do correlation analysis, and utilize both private MIB and OSPF MIB as a complementary way of doing intrusion detection. This paper describes the design and implementation of JiNao's INM architecture. Three OSPF insider attacks (maxseq, maxage, and seq++) have been developed to evaluate its effectiveness and detection capability.