Arachne: Integrated Enterprise Security Management

Burnside, Matthew; Keromytis, Angelos D.

doi:10.1109/iaw.2007.381935

Cited by 2 publications

(2 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…have been available for sometime. Also, architectures have been proposed by academic community such as Arachne [3], MINDS [4] etc. Academic and commercial examples of CND can be found in Liu et al [5], Ertoz et al [4], eTrust Security Management software by Computer Associates International Inc. 7 …”

Section: Related Workmentioning

confidence: 99%

A novel architecture for a computer network defense (CND) system using Content Addressable Networks (CAN)

Al-Omari

Gurbani²,

Anjali

2012

2012 IEEE Globecom Workshops

View full text Add to dashboard Cite

Among the current information security prevention systems such as firewalls and intrusion detection systems, there exist several shortages such as alert overload, high false alarm rate, absence of effective alert management mechanism etc. As a result, there is a tremendous amount of alert data overload in the network, and this data could be redundant, irrelevant or meaningless. The result of this information flooding is the inability to correctly correlate the events to locate the security breach. In this paper, we aim to present the architecture of an integrated computer network defense system that is efficient, distributed and adaptable; in short, a good match for the dynamic environment of cloud computing. The use of peer-to-peer architecture is investigated for computer network defense. The architecture consists of an advanced intrusion detection system for identification of malicious traffic in such a manner that a centralized controller correlating the events is not overwhelmed by the deluge of alerts. We investigate the Content Addressable Network Distributed Hash Table for the event aggregation.

show abstract

Section: Related Workmentioning

confidence: 99%

A novel architecture for a computer network defense (CND) system using Content Addressable Networks (CAN)

Al-Omari

Gurbani²,

Anjali

2012

2012 IEEE Globecom Workshops

View full text Add to dashboard Cite

show abstract

“…The initial concepts of the Arachne architecture were first sketched out in [4]. This new paper reflects the substantial changes to the core architecture and lessons learned during the development pro-cess, including radical changes to the event correlation and policy evaluation mechanisms.…”

Section: Introductionmentioning

confidence: 99%

Asynchronous policy evaluation and enforcement

Burnside

Keromytis

2008

Proceedings of the 2nd ACM Workshop on Computer Security Architectures

Self Cite

View full text Add to dashboard Cite

Evaluating and enforcing policies in large-scale networks is one of the most challenging and significant problems facing the network security community today. Current solutions are limited by an out-of-date allow/deny paradigm, and policies are evaluated synchronously and independently at each service. This makes it difficult to detect or defend against multi-stage attacks, or attacks which begin as innocent requests and then later exhibit malicious behavior in the same context. In this paper we describe Arachne, a prototype for asynchronous policy evaluation. We evaluate the system by testing it against pre-recorded traffic containing known and unknown attacks and show that it is capable of processing events at more than 10x the required rate for a deployed, heavily-used network.

show abstract

Arachne: Integrated Enterprise Security Management

Cited by 2 publications

References 29 publications

A novel architecture for a computer network defense (CND) system using Content Addressable Networks (CAN)

A novel architecture for a computer network defense (CND) system using Content Addressable Networks (CAN)

Asynchronous policy evaluation and enforcement

Contact Info

Product

Resources

About