Early systems for networked intrusion detection (or, more generally, intrusion or misuse management) required either a centralized architecture or a centralized decision-making point, even when the data gathering was distributed. More recently, researchers have developed far more decentralized intrusion detection systems using a variety of techniques. Such systems often rely on data sharing between sites that do not have a common administrator, so cooperation is required in order to detect and respond to security incidents. It has therefore become important to address cooperation and data sharing in a formal manner.

In this paper, we discuss the detection of distributed attacks across cooperating enterprises. We begin by defining relationships between cooperative hosts, then use the take-grant model to identify both when a host could identify a widespread attack and when that host is at increased risk due to data sharing. We further refine our definition of potential identification using access, integrity, and cooperation policies which limit sharing. Finally, we include a brief description of both a simple Prolog model incorporating data sharing policies and a prototype cooperative intrusion detection system.