DocumentCode
3075165
Title
Collaborative Network Defense with Minimum Disclosure
Author
Berger, Andreas ; Cesareo, Jacopo ; D'Alconzo, Alessandro
Author_Institution
FTW Telecommun. Res. Center Vienna, Vienna, Austria
fYear
2011
fDate
5-9 Dec. 2011
Firstpage
1
Lastpage
6
Abstract
Collaboration of defensive network components of multiple operators is a promising approach for increasing anomaly detection accuracy. This concept involves sharing of possibly sensitive data, hence privacy preservation has to be taken into account. In this paper, we argue that common approaches for sharing traffic information often impede proper analysis due to privacy-preserving mangling operations, and ignore the opportunity to exploit additional knowledge of the originating network operator for interpreting the monitored data. We propose COMINDIS, a lightweight framework for sharing notions of suspiciousness among network operators, and show how to exploit different detection systems for deriving a better understanding of Internet hosts' activities. We evaluate the system both by using a network emulator and by experimenting with a real traffic trace.
Keywords
Internet; computer network security; data privacy; telecommunication traffic; terminal emulation; COMINDIS; Internet; anomaly detection; collaborative network defense; data privacy; network emulator; privacy preserving mangling operations; traffic information sharing; Collaboration; Cryptography; IEEE Communications Society; IP networks; Internet; Monitoring; Privacy;
fLanguage
English
Publisher
ieee
Conference_Titel
Global Telecommunications Conference (GLOBECOM 2011), 2011 IEEE
Conference_Location
Houston, TX, USA
ISSN
1930-529X
Print_ISBN
978-1-4244-9266-4
Electronic_ISBN
1930-529X
Type
conf
DOI
10.1109/GLOCOM.2011.6133889
Filename
6133889