Cooperative forensics sharing

Authors:
Fareed Zaffar;Gershon Kedem
Affiliations:
Duke University, Durham NC;Duke University, Durham NC
Venue:
Proceedings of the 1st international conference on Bio inspired models of network, information and computing systems
Year:
2006

Citing 11
Cited 0

Yenta: a multi-agent, referral-based matchmaking system

AGENTS '97 Proceedings of the first international conference on Autonomous agents
Weaving a Web of trust

World Wide Web Journal - Special issue: Web security: a matter of trust
Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks

Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security
On computer viral infection and the effect of immunization

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
MET: an experimental system for Malicious Email Tracking

Proceedings of the 2002 workshop on New security paradigms
Decentralized Trust Management

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Inside the Slammer Worm

IEEE Security and Privacy
Recent worms: a survey and trends

Proceedings of the 2003 ACM workshop on Rapid malcode
Worm propagation modeling and analysis under dynamic quarantine defense

Proceedings of the 2003 ACM workshop on Rapid malcode
Paranoid: A Global Secure File Access Control System

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Cooperative peer groups in NICE

Computer Networks: The International Journal of Computer and Telecommunications Networking - Management in peer-to-peer systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Having timely and credible security information is becoming critical to network and security management. Most current sources of threat information and detection techniques suffer from having a limited view of the global threat scenario. In this paper, we present Foresight, an internet scale threat analysis, indication, early warning and response architecture. We describe the design of an incentive based cooperation scheme to create a global trusted community which is more accountable and hence less vulnerable to attacks and abuse. Foresight utilizes this infrastructure to share a global threat view in order to detect unknown threats and isolate them. We describe a novel behavioral signature scheme to extract a generalized footprint for multi-modal threats. System performance analysis through trace-based simulations show significant benefits for sharing forensics across cooperating domains.