Title :
A study of alert-based collaborative defense
Author :
Hsin, Wen-Yi ; Tseng, Shian-Shyong ; Lin, Shun-Chieh
Author_Institution :
Dept. of Comput. & Inf. Sci., Nat. Chiao Tung Univ., Hsinchu, Taiwan
Abstract :
We propose a framework for collaborative defense by extending the original distributed intrusion detection model. It contains alert´s collector, extractor, analyzer, report´s generator, alert warehouse and alert´s analysis. Besides, we develop a hybrid approach to share security information like raising the wolf smoke to warn partners. By the security information sharing, the members of CSIRT can obtain the solutions of defense, such as blacklists, detection rules, and security knowledge about alerts. The framework provides a solution to build effective cooperative security teams for academia and industry. We evaluate the feasibility of our framework and track the spreading behaviors of the SQL Slammer Worm. As a result, we can deploy security system more widely and detect the aggressor´s behavior more accurately. The alert-based collaborative defense mechanism can help members to evaluate the impact of the threats and take proper actions to mitigate the risk.
Keywords :
distributed processing; invasive software; SQL Slammer Worm; alert analyzer; alert collector; alert extractor; alert report generator; alert warehouse; alert-based collaborative defense; cooperative security teams; distributed intrusion detection model; Collaboration; Data mining; Data security; Defense industry; Distributed computing; Information analysis; Information science; Information security; Internet; Intrusion detection;
Conference_Titel :
Parallel Architectures,Algorithms and Networks, 2005. ISPAN 2005. Proceedings. 8th International Symposium on
Print_ISBN :
0-7695-2509-1
DOI :
10.1109/ISPAN.2005.13
