• DocumentCode
    1707505
  • Title
    Towards collaborative security and P2P intrusion detection
  • Author
    Locasto, Michael E. ; Parekh, Janak J. ; Keromytis, Angelos D. ; Stolfo, Salvatore J.
  • Author_Institution
    Columbia Univ., New York, NY, USA
  • fYear
    2005
  • Firstpage
    333
  • Lastpage
    339
  • Abstract
    The increasing array of Internet-scale threats is a pressing problem for every organization that utilizes the network. Organizations have limited resources to detect and respond to these threats. The end-to-end (E2E) sharing of information related to probes and attacks is a facet of an emerging trend toward "collaborative security". The key benefit of a collaborative approach to intrusion detection is a better view of global network attack activity. Augmenting the information obtained at a single site with information gathered from across the network can provide a more precise model of an attacker's behavior and intent. While many organizations see value in adopting such a collaborative approach, some challenges must be addressed before intrusion detection can be performed on an inter-organizational scale. We report on our experience developing and deploying a decentralized system for efficiently distributing alerts to collaborating peers. Our system, worminator, extracts relevant information from alert streams and encodes it in bloom filters. This information forms the basis of a distributed watchlist. The watchlist can be distributed via a choice of mechanisms ranging from a centralized trusted third party to a decentralized P2P-style overlay network.
  • Keywords
    groupware; invasive software; peer-to-peer computing; E2E information sharing; Internet-scale threats; P2P intrusion detection; alert streams; attacker behavior; attacker intent; bloom filters; collaborative security; decentralized P2P-style overlay network; decentralized system; distributed watchlist; end-to-end information sharing; global network attack activity; information extraction; worminator; Data mining; Face detection; IP networks; Information filtering; Information filters; Information security; International collaboration; Intrusion detection; Pressing; Probes;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
  • Print_ISBN
    0-7803-9290-6
  • Type
    conf
  • DOI
    10.1109/IAW.2005.1495971
  • Filename
    1495971