DocumentCode :
2596165
Title :
Cooperative Forensics Sharing
Author :
Zaffar, Fareed ; Kedem, Gershon
Author_Institution :
Dept. of Comput. Sci., Duke Univ., Durham, NC
fYear :
2006
fDate :
11-13 Dec. 2006
Firstpage :
1
Lastpage :
9
Abstract :
Having timely and credible security information is becoming critical to network and security management. Most current sources of threat information and detection techniques suffer from having a limited view of the global threat scenario. In this paper, we present Foresight, an Internet scale threat analysis, indication, early warning and response architecture. We describe the design of an incentive based cooperation scheme to create a global trusted community which is more accountable and hence less vulnerable to attacks and abuse. Foresight utilizes this infrastructure to share a global threat view in order to detect unknown threats and isolate them. We describe a novel behavioral signature scheme to extract a generalized footprint for multi-modal threats. System performance analysis through trace-based simulations shows significant benefits for sharing forensics across cooperating domains.
Keywords :
digital signatures; software performance evaluation; systems analysis; Foresight; Internet scale threat analysis; behavioral signature scheme; cooperative forensics sharing; multi-modal threats; security information; security management; system performance analysis; Computer network management; Computer science; Computer security; Computer viruses; Computer worms; Forensics; Information security; Internet; Large-scale systems; Viruses (medical);
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Bio-Inspired Models of Network, Information and Computing Systems, 2006. 1st
Conference_Location :
Madonna di Campiglio
Print_ISBN :
1-4244-0538-6
Electronic_ISBN :
1-4244-0539-4
Type :
conf
DOI :
10.1109/BIMNICS.2006.361814
Filename :
4205341