DocumentCode :
1590544
Title :
Collaborative defense as a pervasive service Architectural insights and validation methodologies of a trial deployment
Author :
Schooler, Eve M. ; Livadas, Carl ; Kim, Joohwan ; Gandhi, Prashant ; Passera, Pablo R. ; Chandrashekar, Jaideep ; Orrin, Steve ; Koyabe, Martin ; El-Moussa, Fadi ; Dabibi, Gogobada Daa
Author_Institution :
Corp. Technol. Group, Intel Corp., Santa Clara, CA
fYear :
2009
Firstpage :
1
Lastpage :
6
Abstract :
Network defense is an elusive art. The arsenal to defend our devices from attack is constantly lagging behind the latest methods used by attackers to break into them and subsequently into our networks. To counteract this trend, we developed a distributed, scalable approach that harnesses the power of collaborative end-host detectors or sensors. Simulation results reveal order-of-magnitude improvements over stand-alone detectors in the accuracy of detection (fewer false alarms) and in the quality of detection (the ability to capture stealthy anomalies that would otherwise go undetected). Although these results arise out of a proof of concept in the arena of botnet detection in an enterprise network, they have broader applicability to the area of network self-manageability of pervasive computing devices. To test the efficacy of these ideas further, Intel Corporation partnered with British Telecommunications plc to launch a trial deployment. In this paper, we report on results and insights gleaned from the development of a testbed infrastructure and phased experiments: (1) the design of a re-usable measurement-inference architecture into which 3rd-party sensor developers can integrate a wide variety of "anomaly detection" algorithms to derive the same correlation-related performance benefits; (2) the development of a series of validation methodologies necessitated by the lack of mature tools and approaches to attest to the security of distributed networked systems; (3) the critical role of learning and adaptation algorithms to calibrate a fully-distributed architecture of varied devices in varied contexts; and (4) the utility of large-scale data collections to assess what's normal behavior for enterprise end-host background traffic as well as malware command-and-control protocols.
Finally, we propose collaborative defense as a blueprint for emergent collaborative systems and its measurement-everywhere approach as the adaptive underpinnings needed for pervasive services.
Keywords :
business communication; computer network management; computer network reliability; invasive software; learning (artificial intelligence); protocols; telecommunication security; telecommunication traffic; ubiquitous computing; British Telecommunications; Intel Corporation; architectural insight; botnet detection; collaborative end-host detector; collaborative end-host sensor; collaborative network defense testbed; distributed approach; distributed networked system security; enterprise end-host background traffic; enterprise network self-manageability; intrusion detection; machine learning algorithm; malware command-and-control protocol; pervasive computing device; reusable measurement-inference architecture; stealthy anomaly detection algorithm; validation methodology; Algorithm design and analysis; Art; Collaboration; Computer architecture; Detectors; Pervasive computing; Phase measurement; Programmable control; Sensor systems; System testing; anomaly detection; collaborative systems; component; distributed inference; distributed systems; intrusion detection; malware; network security; pervasive computing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Testbeds and Research Infrastructures for the Development of Networks & Communities and Workshops, 2009. TridentCom 2009. 5th International Conference on
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4244-2846-5
Electronic_ISBN :
978-1-4244-2847-2
Type :
conf
DOI :
10.1109/TRIDENTCOM.2009.4976261
Filename :
4976261