Chord: A scalable peer-to-peer lookup service for internet applications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Decentralized Event Correlation for Intrusion Detection
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Host-based detection of worms through peer-to-peer cooperation
Proceedings of the 2005 ACM workshop on Rapid malcode
Privacy-preserving payload-based correlation for accurate malicious traffic detection
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
A distributed host-based worm detection system
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Towards scalable and robust distributed intrusion alert fusion with good load balancing
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Salsa: a structured approach to large-scale anonymity
Proceedings of the 13th ACM conference on Computer and communications security
Privacy-preserving sharing and correction of security alerts
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Mapping internet sensors with probe response attacks
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Vulnerabilities of passive internet threat monitors
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Information fusion for computer security: State of the art and open issues
Information Fusion
The role of network trace anonymization under attack
ACM SIGCOMM Computer Communication Review
Quantifying resiliency and detection latency of intrusion detection structures
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
CollSec'10 Proceedings of the 2010 international conference on Collaborative methods for security and privacy
SEPIA: privacy-preserving aggregation of multi-domain network events and statistics
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Privacy-preserving distributed network troubleshooting—bridging the gap between theory and practice
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
Probe-response attacks are a new threat for collaborative intrusion detection systems. A probe is an attack which is deliberately crafted so that its target detects and reports it with a recognizable "fingerprint" in the report. The attacker then uses the collaborative infrastructure to learn the detector's location and defensive capabilities from this report. We analyze the fundamental tradeoff between the ability of a collaborative network to detect epidemic threats and security of individual participants against probe-response attacks. We then design and evaluate a collaborative detection system which provides protection against probe-response attacks. Unlike previously proposed collaborative detection networks, our system supports alert sharing while limiting exposure of members' identities.