Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation

García, José A.; Autrel, Fabien; Borrell, Joan; Castillo, Sergio; Cuppens, Frédéric; Navarro, Guillermo

doi:10.1007/978-3-540-30191-2_18

Cited by 24 publications

(9 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, they allow detecting complex attacks that take place in several steps. Such approaches (e.g., Dain and Cunningham [2001], Garcia et al [2004], and Eckmann et al [2002]) usually require one to establish an attack database. Furthermore, most of these approaches need to be initialized by a training dataset.…”

Section: Correlation and Aggregationmentioning

confidence: 99%

Taxonomy and Survey of Collaborative Intrusion Detection

et al. 2015

View full text Add to dashboard Cite

The dependency of our society on networked computers has become frightening: In the economy, all-digital networks have turned from facilitators to drivers; as cyber-physical systems are coming of age, computer networks are now becoming the central nervous systems of our physical world-even of highly critical infrastructures such as the power grid. At the same time, the 24/7 availability and correct functioning of networked computers has become much more threatened: The number of sophisticated and highly tailored attacks on IT systems has significantly increased. Intrusion Detection Systems (IDSs) are a key component of the corresponding defense measures; they have been extensively studied and utilized in the past. Since conventional IDSs are not scalable to big company networks and beyond, nor to massively parallel attacks, Collaborative IDSs (CIDSs) have emerged. They consist of several monitoring components that collect and exchange data. Depending on the specific CIDS architecture, central or distributed analysis components mine the gathered data to identify attacks. Resulting alerts are correlated among multiple monitors in order to create a holistic view of the network monitored. This article first determines relevant requirements for CIDSs; it then differentiates distinct building blocks as a basis for introducing a CIDS design space and for discussing it with respect to requirements. Based on this design space, attacks that evade CIDSs and attacks on the availability of the CIDSs themselves are discussed. The entire framework of requirements, building blocks, and attacks as introduced is then used for a comprehensive analysis of the state of the art in collaborative intrusion detection, including a detailed survey and comparison of specific CIDS approaches.

show abstract

Section: Correlation and Aggregationmentioning

confidence: 99%

Taxonomy and Survey of Collaborative Intrusion Detection

et al. 2015

View full text Add to dashboard Cite

show abstract

“…The information exchange between peers is intended to manage a more complete view of the whole system. Once achieved, one can detect and react on the different actions of the corresponding attack [3].…”

Section: System Overviewmentioning

confidence: 99%

“…As described out in [3], the entities of our prevention platform cooperate to detect if the resources, where they are lodged, are taking an active part of a coordinate attack. As it happens with any other traditional detection system, if an attacker is able to manipulate the processes associated to each node, she could bypass the detection mechanisms.…”

Section: Protection Mechanismsmentioning

confidence: 99%

See 1 more Smart Citation

Mechanisms for attack protection on a prevention framework

García

Castillo

Navarro

et al. 2005

Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology

View full text Add to dashboard Cite

show abstract

“…Designing such a system is motivated by future application needs, as we envision that BFT pub/sub can play a role in preventing cheaters in multiplayer online games [2] or fraud in online trading/auctions, or to increase resilience to attacks for an intrusion detection system [12].…”

Section: Introductionmentioning

confidence: 99%

Towards Byzantine fault tolerant publish/subscribe

Jehl

Meling

2013

Proceedings of the 9th Workshop on Hot Topics in Dependable Systems

View full text Add to dashboard Cite

More than a decade of research has gone into techniques aimed at tolerating arbitrary failures in client/server interaction, using consensus based replication. These works made Byzantine fault tolerance possible [5], competitive [18], robust [7], and feasible to apply [6]. In this paper we establish a connection between the pub/sub interaction model and consensus based replication protocols, that makes the above results applicable to the design of large scale eventbased middleware. We propose a Byzantine fault tolerant pub/sub system, on a tree-based overlay, tolerating a configurable number of failures in any part of the system, with minimal divergence from traditional pub/sub specifications and forwarding schemes.

show abstract

Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation

Cited by 24 publications

References 7 publications

Taxonomy and Survey of Collaborative Intrusion Detection

Taxonomy and Survey of Collaborative Intrusion Detection

Mechanisms for attack protection on a prevention framework

Towards Byzantine fault tolerant publish/subscribe

Contact Info

Product

Resources

About