Evidence of attacks against a network and its resources is often scattered over several hosts. Intrusion detection systems (IDS) which attempt to detect such attacks therefore have to collect and correlate information from different sources. We propose a completely decentralized approach to solve the task of event correlation and information fusing of data gathered from multiple points within the network. Our system models an intrusion as a pattern of events that can occur at different hosts and consists of collaborating sensors deployed at various locations throughout the protected network installation. We present a specification language to define intrusions as distributed patterns and a mechanism to specify their simple building blocks. The peer-to-peer algorithm to detect these patterns and its prototype implementation, called Quicksand, are described. Problems and their solutions involved in the management of such a system are discussed.