• DocumentCode
    3024654
  • Title
    A study of alert-based collaborative defense
  • Author
    Hsin, Wen-Yi ; Tseng, Shian-Shyong ; Lin, Shun-Chieh
  • Author_Institution
    Dept. of Comput. & Inf. Sci., Nat. Chiao Tung Univ., Hsinchu, Taiwan
  • fYear
    2005
  • fDate
    7-9 Dec. 2005
  • Abstract
    We propose a framework for collaborative defense by extending the original distributed intrusion detection model. It contains an alert collector, extractor, analyzer, report generator, alert warehouse and alert analysis. In addition, we develop a hybrid approach to share security information, like raising the wolf smoke to warn partners. Through security information sharing, the members of a CSIRT can obtain defense solutions such as blacklists, detection rules, and security knowledge about alerts. The framework provides a solution to build effective cooperative security teams for academia and industry. We evaluate the feasibility of our framework and track the spreading behavior of the SQL Slammer worm. As a result, we can deploy security systems more widely and detect the aggressor's behavior more accurately. The alert-based collaborative defense mechanism can help members to evaluate the impact of threats and take proper actions to mitigate the risk.
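    The abstract names the stages of the framework (alert collector, extractor, analyzer, report generator, alert warehouse) and the artifacts it shares (blacklists, detection rules) but does not show how they fit together. The following is an added illustration written for this record, not code from the paper or its authors: a minimal in-memory pipeline that walks constructed IDS-style alert lines through those stages and turns a worm-like fan-out pattern (one source hitting the same service on many distinct hosts, the shape of SQL Slammer's UDP/1434 scanning) into a shareable blacklist and a Snort-style rule. The alert line format, the thresholds, the `$HOME_NET` variable and the `sid` value are all assumptions made for the example.

```python
"""Added example: a minimal alert-based collaborative defense pipeline.

Stages follow the components named in the abstract (collector -> extractor ->
analyzer -> report generator, with an in-memory alert warehouse).  The alert
lines, their format and the thresholds are constructed for illustration and
are NOT the authors' data or implementation.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample alerts in a hypothetical sensor format:
#   "<timestamp> <src_ip> -> <dst_ip>:<dst_port>/<proto> <signature>"
# 10.0.0.5 fans out to four hosts on udp/1434 (worm-like); 10.0.0.9 hits one
# host only; 172.16.3.3 scans a different service; one line is malformed.
SAMPLE_ALERTS = """\
2005-12-07T10:00:01 10.0.0.5 -> 192.168.1.10:1434/udp SQL-worm-probe
2005-12-07T10:00:01 10.0.0.5 -> 192.168.1.11:1434/udp SQL-worm-probe
2005-12-07T10:00:02 10.0.0.5 -> 192.168.1.12:1434/udp SQL-worm-probe
2005-12-07T10:00:02 10.0.0.5 -> 192.168.1.13:1434/udp SQL-worm-probe
2005-12-07T10:00:03 10.0.0.9 -> 192.168.1.10:1434/udp SQL-worm-probe
2005-12-07T10:00:04 172.16.3.3 -> 192.168.1.20:80/tcp HTTP-scan
2005-12-07T10:00:04 172.16.3.3 -> 192.168.1.21:80/tcp HTTP-scan
2005-12-07T10:00:05 172.16.3.3 -> 192.168.1.22:80/tcp HTTP-scan
this line is garbage and must be skipped by the extractor
"""

ALERT_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)/(\w+) (\S+)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    sig: str


def collect(raw: str) -> list[str]:
    """Collector: gather raw alert lines from a sensor feed (here, a string)."""
    return [ln for ln in raw.splitlines() if ln.strip()]


def extract(lines: list[str]) -> list[Alert]:
    """Extractor: parse raw lines into structured records; drop malformed ones."""
    alerts = []
    for ln in lines:
        m = ALERT_RE.match(ln)
        if not m:
            continue  # a production collector would count and log rejects
        ts, src, dst, dport, proto, sig = m.groups()
        alerts.append(Alert(ts, src, dst, int(dport), proto.lower(), sig))
    return alerts


class AlertWarehouse:
    """Alert warehouse: the shared store the analyzer reads from."""

    def __init__(self) -> None:
        self.alerts: list[Alert] = []

    def store(self, alerts: list[Alert]) -> None:
        self.alerts.extend(alerts)


def analyze(wh: AlertWarehouse, port: int = 1434, proto: str = "udp",
            min_targets: int = 3) -> dict[str, int]:
    """Analyzer: flag sources that hit <proto>/<port> on >= min_targets distinct hosts.

    Counting distinct destinations (not raw alert volume) is what separates
    worm-style fan-out from a single noisy client; the threshold is an assumption.
    """
    targets: dict[str, set[str]] = defaultdict(set)
    for a in wh.alerts:
        if a.dport == port and a.proto == proto:
            targets[a.src].add(a.dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= min_targets}


def generate_report(suspects: dict[str, int], port: int = 1434,
                    proto: str = "udp") -> dict:
    """Report generator: produce the artifacts partners can consume directly.

    The blacklist is the list of flagged sources; the rule is written in
    Snort-style syntax ($HOME_NET and sid are assumed values for the example).
    """
    rule = (f'alert {proto} any any -> $HOME_NET {port} '
            f'(msg:"Shared rule: worm-like fan-out to {proto}/{port}"; '
            f'sid:1000001; rev:1;)')
    return {
        "blacklist": sorted(suspects),
        "fanout": dict(sorted(suspects.items())),
        "rule": rule,
    }


def run_pipeline(raw: str = SAMPLE_ALERTS) -> dict:
    """Run all stages end to end and return the shareable report."""
    wh = AlertWarehouse()
    wh.store(extract(collect(raw)))
    return generate_report(analyze(wh))


if __name__ == "__main__":
    report = run_pipeline()
    print("blacklist:", report["blacklist"])
    print("rule:", report["rule"])
```

    Only 10.0.0.5 is blacklisted: 10.0.0.9 touches the same service but on a single host, and 172.16.3.3 fans out on a different service, so neither crosses the analyzer's threshold. A partner receiving the report can load the blacklist into a firewall and the rule into its own sensor without re-deriving either from raw alerts, which is the information-sharing step the abstract describes.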
  • Keywords
    distributed processing; invasive software; SQL Slammer Worm; alert analyzer; alert collector; alert extractor; alert report generator; alert warehouse; alert-based collaborative defense; cooperative security teams; distributed intrusion detection model; Collaboration; Data mining; Data security; Defense industry; Distributed computing; Information analysis; Information science; Information security; Internet; Intrusion detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Parallel Architectures, Algorithms and Networks, 2005. ISPAN 2005. Proceedings. 8th International Symposium on
  • ISSN
    1087-4089
  • Print_ISBN
    0-7695-2509-1
  • Type
    conf
  • DOI
    10.1109/ISPAN.2005.13
  • Filename
    1575819