DocumentCode
3440641
Title
Distributed Exchange of Alerts for the Detection of Coordinated Attacks
Author
Garcia-Alfaro, J. ; Jaeger, M.A. ; Mühl, G. ; Barrera, I. ; Borrell, J.
Author_Institution
Comput. Sci. & Multimedia Studies Rambla Poble Nou 156, Open Univ. of Catalonia, Barcelona
fYear
2008
fDate
5-8 May 2008
Firstpage
96
Lastpage
103
Abstract
Attacks and intrusions to information systems cause large revenue losses. The prevention of these attacks is not always possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to react against the different actions of such an attack. The design and deployment of a decentralized system targeted at detecting as well as reacting to information system attacks might benefit from the use of the publish/subscribe model. In this paper, we discuss the advantages and convenience in using this communication paradigm for a general decentralized attack prevention framework and overview the design and implementation of our approach by using a combination of two different publish/subscribe middleware products. Furthermore, we present a quantitative evaluation of our approach.
Keywords
computer networks; message passing; middleware; telecommunication security; coordinated attack detection; decentralized system; distributed alert exchange; information system; publish/subscribe middleware product; revenue loss; Communication networks; Computer networks; Computer science; Computer security; Distributed computing; Information systems; Message-oriented middleware; Multimedia systems; Prototypes; Scalability; Attack Prevention System; IDMEF; Message Oriented Middleware; Network Security; Publish/Subscribe;
fLanguage
English
Publisher
ieee
Conference_Titel
Communication Networks and Services Research Conference, 2008. CNSR 2008. 6th Annual
Conference_Location
Halifax, NS
Print_ISBN
978-0-7695-3135-9
Type
conf
DOI
10.1109/CNSR.2008.70
Filename
4519845