Title :
Collaborative Network Defense with Minimum Disclosure
Author :
Berger, Andreas ; Cesareo, Jacopo ; D'Alconzo, Alessandro
Author_Institution :
FTW Telecommun. Res. Center Vienna, Vienna, Austria
Abstract :
Collaboration of defensive network components of multiple operators is a promising approach for increasing anomaly detection accuracy. This concept involves sharing of possibly sensitive data, hence privacy preservation has to be taken into account. In this paper, we argue that common approaches for sharing traffic information often impede proper analysis due to privacy-preserving mangling operations, and ignore the opportunity to exploit additional knowledge of the originating network operator for interpreting the monitored data. We propose COMINDIS, a lightweight framework for sharing notions of suspiciousness among network operators, and show how to exploit different detection systems for deriving a better understanding of Internet hosts' activities. We evaluate the system both by using a network emulator and by experimenting with a real traffic trace.
Keywords :
Internet; computer network security; data privacy; telecommunication traffic; terminal emulation; COMINDIS; Internet; anomaly detection; collaborative network defense; data privacy; network emulator; privacy preserving mangling operations; traffic information sharing; Collaboration; Cryptography; IEEE Communications Society; IP networks; Internet; Monitoring; Privacy;
Conference_Title :
Global Telecommunications Conference (GLOBECOM 2011), 2011 IEEE
Conference_Location :
Houston, TX, USA
Print_ISBN :
978-1-4244-9266-4
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2011.6133889