Title :
Distributed Exchange of Alerts for the Detection of Coordinated Attacks
Author :
Garcia-Alfaro, J. ; Jaeger, M.A. ; Mühl, G. ; Barrera, I. ; Borrell, J.
Author_Institution :
Comput. Sci. & Multimedia Studies, Rambla Poble Nou 156, Open Univ. of Catalonia, Barcelona
Abstract :
Attacks and intrusions against information systems cause large revenue losses. Preventing such attacks is not always possible when only information from isolated points of the network is considered: a global view of the whole system is needed to react to the different actions that make up an attack. The design and deployment of a decentralized system for detecting and reacting to information system attacks can benefit from the publish/subscribe model. In this paper we discuss the advantages and convenience of using this communication paradigm for a general decentralized attack prevention framework, and overview the design and implementation of our approach, which combines two different publish/subscribe middleware products. Furthermore, we present a quantitative evaluation of our approach.
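The following is an added illustration of the idea in the abstract, not code from the paper or its prototype (which combined two real publish/subscribe middleware products). It models an in-process content-based broker, several sensors that publish alerts carrying a subset of IDMEF fields (analyzer id, CreateTime, Classification text, Source, Target), and a correlator that subscribes to scan alerts from all sensors. The alerts, addresses, sensor names and the threshold/window values are constructed sample data; the point shown is that each sensor alone sees one scanned host, while the subscriber with the global view detects the coordinated scan.

```python
"""Toy model of decentralised alert exchange over publish/subscribe.

Added example, not the paper's prototype. Alerts carry a subset of IDMEF
(RFC 4765) fields; all sample values below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Alert:
    analyzer_id: str        # IDMEF Analyzer analyzerid: the sensor that raised it
    create_time: datetime   # IDMEF CreateTime
    classification: str     # IDMEF Classification text, e.g. "scan/portscan"
    source: str             # IDMEF Source address
    target: str             # IDMEF Target address


class Broker:
    """Minimal in-process content-based publish/subscribe broker."""

    def __init__(self) -> None:
        self._subs: List[Tuple[Callable[[Alert], bool], Callable[[Alert], None]]] = []

    def subscribe(self, predicate, handler) -> None:
        self._subs.append((predicate, handler))

    def publish(self, alert: Alert) -> None:
        # Deliver to every subscriber whose content filter matches the alert.
        for predicate, handler in self._subs:
            if predicate(alert):
                handler(alert)


class Correlator:
    """Flags a source that scans >= threshold distinct targets within a window.

    It subscribes to scan alerts from *all* sensors, which is what provides
    the global view a single sensor lacks.
    """

    def __init__(self, broker: Broker, threshold: int = 3,
                 window: timedelta = timedelta(minutes=5)) -> None:
        self.threshold = threshold
        self.window = window
        self._history: Dict[str, List[Alert]] = defaultdict(list)
        self._reported: Set[str] = set()
        self.incidents: List[dict] = []
        broker.subscribe(lambda a: a.classification.startswith("scan/"), self.on_alert)

    def on_alert(self, alert: Alert) -> None:
        hist = self._history[alert.source]
        hist.append(alert)
        # Sliding window: forget alerts older than `window` relative to this one.
        cutoff = alert.create_time - self.window
        hist[:] = [a for a in hist if a.create_time >= cutoff]
        targets = {a.target for a in hist}
        if len(targets) >= self.threshold and alert.source not in self._reported:
            self._reported.add(alert.source)   # report each source once
            self.incidents.append({
                "source": alert.source,
                "targets": sorted(targets),
                "sensors": sorted({a.analyzer_id for a in hist}),
                "first_seen": min(a.create_time for a in hist),
                "last_seen": alert.create_time,
            })


def local_view(alerts: List[Alert]) -> Dict[str, int]:
    """Distinct scan targets each sensor sees on its own, without any exchange."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for a in alerts:
        if a.classification.startswith("scan/"):
            seen[a.analyzer_id].add(a.target)
    return {sensor: len(t) for sensor, t in seen.items()}


def sample_alerts() -> List[Alert]:
    """Constructed data: one scanner probes three hosts, each watched by a
    different sensor, plus unrelated noise that must not trigger anything."""
    t0 = datetime(2008, 5, 5, 12, 0, 0)
    return [
        Alert("sensor-A", t0, "scan/portscan", "203.0.113.7", "192.0.2.10"),
        Alert("sensor-B", t0 + timedelta(seconds=40), "scan/portscan", "203.0.113.7", "192.0.2.11"),
        Alert("sensor-A", t0 + timedelta(seconds=55), "auth/failed-login", "198.51.100.2", "192.0.2.10"),
        Alert("sensor-C", t0 + timedelta(seconds=90), "scan/portscan", "203.0.113.7", "192.0.2.12"),
        Alert("sensor-B", t0 + timedelta(minutes=20), "scan/portscan", "198.51.100.9", "192.0.2.11"),
    ]


def run_demo() -> List[dict]:
    """Publish the sample alerts through the broker; return detected incidents."""
    broker = Broker()
    correlator = Correlator(broker, threshold=3, window=timedelta(minutes=5))
    for alert in sample_alerts():
        broker.publish(alert)
    return correlator.incidents
```

Running `run_demo()` yields one incident for 203.0.113.7 spanning three targets and three sensors, while `local_view(sample_alerts())` shows every sensor seeing only a single scanned host, below any sensible local threshold. In a real deployment the broker would be a distributed middleware and the predicate a subscription filter expressed in that middleware's language; the correlation logic is the part that stays the same.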
Keywords :
computer networks; message passing; middleware; telecommunication security; coordinated attack detection; decentralized system; distributed alert exchange; information system; publish/subscribe middleware product; revenue loss; Communication networks; Computer networks; Computer science; Computer security; Distributed computing; Information systems; Message-oriented middleware; Multimedia systems; Prototypes; Scalability; Attack Prevention System; IDMEF; Message Oriented Middleware; Network Security; Publish/Subscribe;
Conference_Title :
Communication Networks and Services Research Conference, 2008. CNSR 2008. 6th Annual
Conference_Location :
Halifax, NS
Print_ISBN :
978-0-7695-3135-9
DOI :
10.1109/CNSR.2008.70