Home

Towards Collaborative Security and P2P Intrusion Detection

Michael E. Locasto; Janak J. Parekh; Angelos D. Keromytis; Salvatore Stolfo

Title:
Towards Collaborative Security and P2P Intrusion Detection
Author(s):
Locasto, Michael E.
Parekh, Janak J.
Keromytis, Angelos D.
Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Book/Journal Title:
Proceedings from the Sixth Annual IEEE Systems, Man, and Cybernetics (SMC) Information Assurance Workshop: workshop papers: June 15-17, 2005, West Point, New York
Publisher:
IEEE
Publisher Location:
Piscataway, N.J.
Abstract:
The increasing array of Internet-scale threats is a pressing problem for every organization that utilizes the network. Organizations have limited resources to detect and respond to these threats. The end-to-end (E2E) sharing of information related to probes and attacks is a facet of an emerging trend toward "collaborative security". The key benefit of a collaborative approach to intrusion detection is a better view of global network attack activity. Augmenting the information obtained at a single site with information gathered from across the network can provide a more precise model of an attacker's behavior and intent. While many organizations see value in adopting such a collaborative approach, some challenges must be addressed before intrusion detection can be performed on an inter-organizational scale. We report on our experience developing and deploying a decentralized system for efficiently distributing alerts to collaborating peers. Our system, worminator, extracts relevant information from alert streams and encodes it in bloom filters. This information forms the basis of a distributed watchlist. The watchlist can be distributed via a choice of mechanisms ranging from a centralized trusted third party to a decentralized P2P-style overlay network.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1109/IAW.2005.1495971
Item views:
89
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use