Intrusion Detection Systems for High Performance Computing Environment

Brojo Kishore Mishra 1, Minakshi Sahu 2, Satya Naryan Das 3

1 Department of IT, C.V. Raman College of Engineering, Bhubaneswar, Odisha, India.
2 Research Scholar, Department of CSE, Centurion University of Technology and Management, Odisha, India.
3 Department of CSE, GIET Gunupur, Odisha, India.

1 brojokishoremisha@gmail.com, 2 saiminakshi@gmail.com, 3 sndas.giet@gmail.com

Abstract: The rapid growth of computers transformed the way in which information and data were stored. With this new paradigm of data access comes the threat of this information being exposed to unauthorized and unintended users. Many systems have been developed which scrutinize the data for a deviation from the normal behavior of a user or system, or search for a known signature within the data. These systems are termed Intrusion Detection Systems (IDS). Intrusion detection is the process of monitoring and identifying attempted unauthorized system access or manipulation. Successful High Performance Computing (HPC) requires a combination of technical innovation as well as political and operational experience to balance out the many (sometimes contradictory) pressures encountered in this field. This is particularly true with respect to the operational field. In this paper we try to summarize the various types of intrusion detection systems available, explain some key points for each particular type of IDS available in the market today, and give insight into IDS in the High Performance Computing (HPC) environment.

Keywords: High Performance Computing, HIDS, Hybrid IDS, Intrusion Detection System, Intrusion Prevention, NIDS.

I. INTRODUCTION

Network security has turned out to be a more complicated and challenging area in today's networked world. When designing a network, a key issue to be taken into account is protecting it from intruders. Intruders may be classified as inside and outside intruders.
Inside intruders, who belong to the same corporation, access the files of other persons by cracking those persons' passwords, which leads to a heavy loss in network security. Outside intruders are those who do not belong to the corporation but somehow try to access the important files of the corporation.

Apart from this general classification of intruders [6], there are three more classes of intruder, namely masquerader, misfeasor and clandestine user.

• A masquerader is an individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
• A misfeasor is a legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
• A clandestine user is one who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.

Some examples of intrusion attempts are:

• Attempts to copy the password file at a rate exceeding once every other day.
• Suspicious remote procedure call (RPC) requests at a rate exceeding once per week.
• Attempts to connect to non-existent "bait" machines at least every two weeks.

Firewalls generally do not detect inside intruders, which is why we turn to intrusion detection systems. These systems work on the basis of a predefined set of rules, which are set by the network administrator. So we have to prevent this unauthorized access and increase network security. To do so we have various tools available, such as firewalls and Intrusion Detection Systems (IDS).

II. INTRUSION DETECTION SYSTEMS[7]

As defined by Heady et al. [4], an intrusion is any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.
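
The three rate-based examples of intrusion attempts listed in the Introduction can be written as sliding-window threshold rules. The sketch below is an added example, not code from the paper; the event-type names, the sample records and the reading of each rate as "N events within a window" are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the three examples in the text. The event-type names are
# hypothetical labels; reading each rate as "min_events inside the window"
# is an assumption of this example.
RULES = {
    "passwd_copy":  (2, timedelta(days=2)),   # more than once every other day
    "rpc_suspect":  (2, timedelta(days=7)),   # more than once per week
    "bait_connect": (1, timedelta(days=14)),  # at least once every two weeks
}

def at(day, hour=0):
    """Timestamp helper for the constructed sample below."""
    return datetime(2024, 1, day, hour)

SAMPLE_EVENTS = [  # constructed audit records, not real data
    (at(1, 9), "alice", "passwd_copy"),
    (at(2, 9), "alice", "passwd_copy"),   # second copy inside 2 days -> alert
    (at(1, 10), "bob", "passwd_copy"),
    (at(3, 10), "bob", "passwd_copy"),    # exactly 2 days apart -> no alert
    (at(4), "carol", "rpc_suspect"),
    (at(12), "carol", "rpc_suspect"),     # 8 days apart -> no alert
    (at(5), "10.0.0.7", "bait_connect"),  # any bait contact -> alert
    (at(6), "alice", "login"),            # no rule for this event type
]

def detect(events):
    """Return (timestamp, source, event_type) for each event that trips a rule."""
    recent = defaultdict(deque)  # (source, event_type) -> timestamps in window
    alerts = []
    for ts, source, etype in sorted(events):
        if etype not in RULES:
            continue  # event type is not covered by any rule
        min_events, window = RULES[etype]
        q = recent[(source, etype)]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= min_events:
            alerts.append((ts, source, etype))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Counting per source keeps one noisy account from masking another, and the same structure takes further rules by adding entries to `RULES`.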
Intrusion leads to violations of the security policies of a computer system, such as unauthorized access to private information, malicious break-in into a computer system, or rendering a system unreliable or unusable.

A full-blown network security system should include the following subsystems [8]:

• Intrusion Detection Subsystem: Distinguishes a potential intrusion from a valid network operation.
• Protection Subsystem: Protects the network and security system itself from being compromised by the network intrusions [1].