Collaborative anomaly-based attack detection

Authors:
Thomas Gamer;Michael Scharf;Marcus Schöller
Affiliations:
Institut für Telematik, Universität Karlsruhe (TH), Germany;Institut für Telematik, Universität Karlsruhe (TH), Germany;Computing Department, Lancaster University, UK
Venue:
IWSOS'07 Proceedings of the Second international conference on Self-Organizing Systems
Year:
2007

Citing 9
Cited 3

Classification and detection of computer intrusions

Classification and detection of computer intrusions
Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
Internet broadcasting

Internet broadcasting
Indra: A peer-to-peer approach to network intrusion detection and prevention

WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Network traffic anomaly detection based on packet bytes

Proceedings of the 2003 ACM symposium on Applied computing
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
The Spread of the Witty Worm

IEEE Security and Privacy

Collaborative intrusion detection framework: characteristics, adversarial opportunities and countermeasures

CollSec'10 Proceedings of the 2010 international conference on Collaborative methods for security and privacy
Collaborative anomaly-based detection of large-scale internet attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking
An orchestration approach for unwanted Internet traffic identification

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Today networks suffer from various challenges like distributed denial of service attacks or worms. Multiple different anomaly-based detection systems try to detect and counter such challenges. Anomaly-based systems, however, often show high false negative rates. One reason for this is that detection systems work as single instances that base their decisions on local knowledge only. In this paper we propose a collaboration of neighboring detection systems that enables receiving systems to search specifically for that attack which might have been missed by using local knowledge only. Once such attack information is received a decision process has to determine if a search for this attack should be started. The design of our system is based on several principles which guide this decision process. Finally, the attack information will be forwarded to the next neighbors increasing the area of collaborating systems.