Collaborative defence as a pervasive service: architectural insights and validation methodologies of a trial deployment

Authors:
Eve M. Schooler;Carl Livadas;Joohwan Kim;Prashant Gandhi;Pablo R. Passera;Jaideep Chandrashekar;Steve Orrin;Martin Koyabe;Fadi El-Moussa;Gogobada Daa Dabibi
Affiliations:
Intel Labs, Santa Clara, CA 95054, USA.;Kayak, Sunnyvale, CA 94086, USA.;Hitachi Global Storage Technologies, San Jose, California 95135, USA.;Intel Labs, Santa Clara, CA 95054, USA.;Intel Software & Services Group, Cordoba 5000, Argentina.;Intel Labs, Berkeley, CA 94704, USA.;Intel Software & Services Group, Santa Clara, CA 95054, USA.;BT Innovate & Design, Ipswich IP5 3RE, UK.;BT Innovate & Design, Ipswich IP5 3RE, UK.;BT Innovate & Design, Ipswich IP5 3RE, UK
Venue:
International Journal of Sensor Networks
Year:
2010

Citing 11
Cited 1

SCAMP: Peer-to-Peer Lightweight Membership Service for Large-Scale Group Communication

NGC '01 Proceedings of the Third International COST264 Workshop on Networked Group Communication
A distributed host-based worm detection system

Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Dependency-based distributed intrusion detection

DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
The need for simulation in evaluating anomaly detectors

ACM SIGCOMM Computer Communication Review
An adaptive anomaly detector for worm detection

SYSML'07 Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques
On the spam campaign trail

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Streaming Estimation of Information-Theoretic Metrics for Anomaly Detection (Extended Abstract)

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
When gossip is good: distributed probabilistic inference for detection of slow network intrusions

AAAI'06 proceedings of the 21st national conference on Artificial intelligence - Volume 2
COD: online temporal clustering for outbreak detection

AAAI'07 Proceedings of the 22nd national conference on Artificial intelligence - Volume 1
Exploiting Temporal Persistence to Detect Covert Botnet Channels

RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
The cubicle vs. the coffee shop: behavioral modes in enterprise end-users

PAM'08 Proceedings of the 9th international conference on Passive and active network measurement

RETRACTED: Impacts of sensor node distributions on coverage in sensor networks

Journal of Parallel and Distributed Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network defence is an elusive art. The arsenal to defend our devices and networks from attack is constantly lagging behind the latest methods used by attackers to break into them. To counteract this trend, we developed a distributed approach comprised of collaborative end-host detectors. Simulations reveal dramatic improvements over stand-alone detectors in accuracy (fewer false alarms) and in quality (the ability to capture otherwise undetected stealthy anomalies). Although these results derive from botnet detection in enterprise networks, they have broader applicability to the self-manageability of pervasive computing devices. To test this claim, Intel Corporation partnered with British Telecommunications plc to launch a trial deployment. In this paper, we report on architectural insights and validation methodologies gleaned from the development of a testbed infrastructure and phased experiments. Finally, we propose Collaborative Defence as a blueprint for emergent collaborative systems and its measurement-everywhere approach as the adaptive underpinnings needed for pervasive services.