How to exchange security events? Overview and evaluation of formats and protocols

Author

Steinberger, Jessica ; Sperotto, Anna ; Golling, Mario ; Baier, Harald

Author_Institution

Security Res. Group Univ. of Appl. Sci. Darmstadt, Darmstadt, Germany

fYear

2015

fDate

11-15 May 2015

Firstpage

261

Lastpage

269

Abstract

Network-based attacks pose a strong threat to the Internet landscape. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focus on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.

Keywords

Internet; computer network security; protocols; Internet landscape; Internet service providers; anomalous events; cooperative partners; exchange formats; high-speed network context; network flow-based data; network-based attacks; proactive service; protocols; security event information; use-case scenario; Internet; Interoperability; Intrusion detection; Postal services; Protocols; XML;

fLanguage

English

Publisher

ieee

Conference_Titel

Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on

Conference_Location

Ottawa, ON

Type

conf

DOI

10.1109/INM.2015.7140300

Filename

7140300