Evaluation of a decentralized architecture for large scale collaborative intrusion detection

10th IFIP/IEEE International Symposium on Integrated Network Management 2007, IM '07

Volumn , Issue , 2007, Pages 80-89

  Zhou, Chenfeng Vincent ^a   Karunasekera, Shanika ^a   Leckie, Christopher ^a  

^a UNIVERSITY OF MELBOURNE   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; COMPUTATIONAL EFFICIENCY; COMPUTER SUPPORTED COOPERATIVE WORK; DECENTRALIZED CONTROL; LARGE SCALE SYSTEMS;

CENTRALIZED DETECTION ARCHITECTURE; COLLABORATIVE INTRUSION DETECTION; DETECTION ACCURACY;

INTRUSION DETECTION;

EID: 34748814488     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INM.2007.374772     Document Type: Conference Paper

References (38)

1. X. Li, F. Bian, H. Zhang, C. Diot, R. Govindan, W. Hong, G. Iannaccone, "MIND: A Distributed Multi-Dimensional Indexing System for Network Diagnosis," In IEEE INFOCOM, April 2006.
2. M. Cai, et. al., "Collaborative Internet Worm Containment," In IEEE Security and Privacy Magazine, May/June 2005.
3. M. O. Rabin, "Fingerprinting by Random Polynomials," In Technical Report 15-81, Harvard University, 1981.
4. D. Xu, P. Ning, "Alert Correlation through Triggering Events and Common Resources," In Proceedings of ACSAC '04, 2004.
5. D. Moore, C. Shannon, and K. Claffy, "Code Red: A Case Study on the Spread and Victims of an Internet Worm," In ACM SIGCOMM, 2002.
6. D. R. Karger, et. al., "Consistent hashing and random trees: Distributed caching protocols for relieving hot spots on the WorldWideWeb," In Proc. 29th Ann. ACM Symp., May 1997, pp.654-663.
7. U.S. Dept, "Secure Hash Standard," Commerce/NIST, National Technical Information Service, Springfield, VA, FIPS 180-1, Apr. 1995.
8. C. V. Zhou, S. Karunasekera and C. Leckie, "A Peer-to-Peer Collaborative Intrusion Detection System," In Proc. ICON '05, November, 2005.
9. K. Wang, S. Stolfo, "Anomalous Payload-based Network Intrusion Detection," In Proceedings of RAID '04, Sept. 2004.
10. P. Gross, J. Parekh and G. Kaiser, "Secure "Selecticast" for Collaborative Intrusion Detection Systems," In International Workshop on DEBS, 2004.
11. B. H. Bloom, "Space/time trade-offs in hash coding with allowable errors," In CACM, vol. 13, pp.422-426, July 1970.
12. M. E. Locasto, J. J. Parekh, A. D. Keromytis, S. J. Stolfo, "Towards Collaborative Security and P2P Intrusion Detection," In IEEE Workshop on IAS '05, June 2005.
13. M. Costa, et. al., "Vigilante: End-to-End containment of Internet worms," In Proc. of the 20th ACM Symp. on Operating Systems Principles, Brighton, UK, October 2005.
14. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan, "Fast portscan detection using sequential hypothesis testing," In Proceedings of S&P (Oakland), May, 2004.
15. S. Staniford, J. A. Hoagland, and J. M. McAlerney, "Practical automated detection of stealthy portscans," In Journal of Computer Security, 10(1/2):105-136, 2002.
16. C. Leckie and R. Kotagiri, "A probabilistic approach to detecting network scans," In Proceedings of NOMS '02, Italy, Apr. 2002.
17. V. Yegneswaran, P. Barford and S. Jha, "Global Intrusion Detection in the DOMINO Overlay System," In 11th ANDSSS, 2004.
18. F. Cuppens and R. Ortalo, "Lambda: A language to model a database for detection of attacks," In Proceedings of RAID 2000.
19. J. Garcia, F. Autrel, J. Borrell, S. Castillo, F. Cuppens, G. Navarro, "Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation," In LNCS, Volume 3269, Jan 2004, pp. 223-235.
20. J. Ullrich: DSHIELD project, http://www.dshield.org.
21. SQL-Slammer Worm, http://www.cert.org/advisories/CA-2003-04.html.
22. D. Moore, V Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, "Inside the Slammer Worm," In IEEE Security & Privacy 2003.
23. F. Cuppens, A. Miege, "Alert correlation in a cooperative intrusion detection framework," In Proc. Security and Privacy, 2002.
24. P. Barford, S. Jha, V Yegneswaran, "Fusion and Filtering in Distributed Intrusion Detection Systems," In Proc. Annual Allerton Conference on Communication, Control and Computing, September, 2004.
25. M. Roesch. "Snort- Lightweight Intrusion Detection for Networks," In Proceedings of the 1999 USENIX LISA Conference, November 1999.
26. V Paxson: "Bro: A system for detecting network intruders in real-time," In IEEE Computer Networks, 31(23-24):2435-2463, 1999
27. D. Green, and J. Swets, "Signal Detection Theory and Psychophysics," John Wiley and Sons, New York, 1966, 45-49.
28. J. A. Hanley, and B. J. McNeil, "The Meaning and Use of the Area Under a Receiver Operating Characteristic (ROC) Curve," In Radiology 143, 29-36.
29. C. E. Metz, "Basic Principles of ROC Analysis," Seminars in Nuclear Medicine, VIII(4), 283-298.
30. PlanetLab Testbed. http:/www.planet-lab.org/.
31. CERT Coordination Center: CERT Advisory CA-2001-26 Nimda Worm. http://www.cert.org/advisories/CA-2001-26.html.
32. An analysis of SQL.Spider-B. (Digispid.B.Worm, Spida, MSSQL Worm and SQL Snake) http://www.sans.org/resources/idfaq/spider.php.
33. R. Rivest, A. Shamir, and L. Adelman, "A method for obtaining digital signatures and public-key cryptosystems," In CACM, 21:120-126, 1978.
34. S. Rhea, et. al., "OpenDHT A Public DHT Service and Its Uses," In Proceedings of ACM SIGCOMM '05, August 2005.
35. Bamboo, http://bamboo-dht.org/.
36. Pastry, http://freepastry.rice.edu/.
37. T Peng, C. Leckie, and K. Ramamohanarao, "Information sharing for distributed intrusion detection systems," Journal of Network and Computer Applications, September 2005.
38. V. Paxson, "An analysis of using reflectors for distributed denial-of-service attacks," Computer Communication Review 31(3).