Breaking the barriers between security mechanisms through the composition of Web Services: Towards a solution for the detection of multistage distributed attacks

In recent years, the number of planned and coordinated attacks, such as DDoS (Distributed Denial of Service), has increased significantly. These attacks, also known as multistage attacks, are composed of several stages and originated from multiple sources (hosts). Traditional Intrusion Detection Systems (IDSes) do not tackle adequately such attacks, mainly due to the lack of mechanisms for uniform communication with distinct security systems (e.g., other IDSes, firewalls, etc.) and for the correlation, in a timely manner, of the observed events. In a first attempt to address the aforementioned issues, in this paper we propose a solution for the detection of multistage, distributed attacks based on the creation of security oriented Web Services. The solution comprises two key components: (i) a novel language for the specification of the diverse stages that compose a multistage attack, and (ii) SECCOMPOSE, a service oriented architecture for multistage, distributed attack detection.