Jisuanji kexue (Apr 2023)

Container-based Intrusion Detection Method for Cisco IOS-XE

  • YANG Pengfei, CAI Ruijie, GUO Shichen, LIU Shengli

DOI
https://doi.org/10.11896/jsjkx.220300264
Journal volume & issue
Vol. 50, no. 4
pp. 298 – 307

Abstract

Read online

IOS-XE network operating system is widely used in Cisco core routing and switching nodes,and its security is very important.However,its design focuses on the traffic fast-forwarding function and ignores protection for its own security which makes it faces great risks.In addition,the existing intrusion detection methods for traditional IOS system have problems such as poor real-time performance,inaccurate detection results and incomplete detection coverage when transplanted to the IOS-XE system.In order to strengthen the security of the IOS-XE system,this paper proposes a container-based intrusion detection method for Cisco IOS-XE system which can monitor the router states and requests in real time by deploying a detection container on the router.It solves the problems of configuration hidden attack detection,router https control traffic decryption and router state real-time monitor,which helps to detect the intrusion behavior of IOS-XE in real time.Experimental results show that this method can effectively detect common attacks against IOS-XE routers,including password guessing,Web injection,CLI injection,configuration hidden and backdoor implantation.Compared with existing detection methods,the proposed method has higher real-time performance and accuracy,and effectively improves the defense capability of IOS -XE routing devices.

Keywords