Academic Commons

Articles

Towards Collaborative Security and P2P Intrusion Detection

Locasto, Michael E.; Parekh, Janak J.; Keromytis, Angelos D.; Stolfo, Salvatore

The increasing array of Internet-scale threats is a pressing problem for every organization that utilizes the network. Organizations have limited resources to detect and respond to these threats. The end-to-end (E2E) sharing of information related to probes and attacks is a facet of an emerging trend toward "collaborative security". The key benefit of a collaborative approach to intrusion detection is a better view of global network attack activity. Augmenting the information obtained at a single site with information gathered from across the network can provide a more precise model of an attacker's behavior and intent. While many organizations see value in adopting such a collaborative approach, some challenges must be addressed before intrusion detection can be performed on an inter-organizational scale. We report on our experience developing and deploying a decentralized system for efficiently distributing alerts to collaborating peers. Our system, worminator, extracts relevant information from alert streams and encodes it in bloom filters. This information forms the basis of a distributed watchlist. The watchlist can be distributed via a choice of mechanisms ranging from a centralized trusted third party to a decentralized P2P-style overlay network.

Subjects

Files

More About This Work

Academic Units
Computer Science
Published Here
April 30, 2010

Notes

Proceedings from the Sixth Annual IEEE Systems, Man, and Cybernetics (SMC) Information Assurance Workshop: workshop papers: June 15-17, 2005, West Point, New York (Piscataway, N.J.: IEEE, 2005), pp. 333-339.

Academic Commons provides global access to research and scholarship produced at Columbia University, Barnard College, Teachers College, Union Theological Seminary and Jewish Theological Seminary. Academic Commons is managed by the Columbia University Libraries.