Telemetry Network Intrusion Detection Test Bed

Abstract

The transition of telemetry from link-based to network-based architectures opens these systems to new security risks. Tools such as intrusion detection systems and vulnerability scanners will be required for emerging telemetry networks. Intrusion detection systems protect networks against attacks that occur once the network boundary has been breached. An intrusion detection model was developed in the Wireless Networking and Security lab at Morgan State University. The model depends on network traffic being filtered into traffic streams. The streams are then reduced to vectors. The current state of the network can be determined using Viterbi analysis of the stream vectors. Viterbi uses the output of the Hidden Markov Model to find the current state of the network. The state information describes the probability of the network being in predefined normal or attack states based on training data. This output can be sent to a network administrator depending on threshold levels. In this project, a penetration-testing tool called Metasploit was used to launch attacks against systems in an isolated test bed. The network traffic generated during an attack was analyzed for use in the MSU intrusion detection model.