Framework for evaluating collaborative intrusion detection systems
Contribuinte(s) |
Heiß, Hans-Ulrich Pepper, Peter Schlingloff, Holger Schneider, Joerg |
---|---|
Data(s) |
01/10/2011
|
Resumo |
Securing IT infrastructures of our modern lives is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as using stand-alone firewalls and IDS devices for protecting the perimeter cannot cope with complex malwares and multistep attacks. Collaborative security emerges as a promising approach. But, research results in collaborative security are not mature, yet, and they require continuous evaluation and testing. In this work, we present CIDE, a Collaborative Intrusion Detection Extension for the network security simulation platform ( NeSSi 2 ). Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process for malware-based attacks. The CIDE simulation environment provides functionalities for easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand and provide a case study and evaluate our collaborative security evaluation platform in a signature exchange scenario on the other. |
Formato |
application/pdf |
Identificador | |
Publicador |
Gesellschaft fuer Informatik e.V. (GI) |
Relação |
http://eprints.qut.edu.au/58178/1/2013001793.pdf http://www.user.tu-berlin.de/komm/CD/paper/030332.pdf Grunewald, Dennis, Chinnow, Joel, Bye, Rainer, Camtepe, Seyit Ahmet, & Albayrak, Sahin (2011) Framework for evaluating collaborative intrusion detection systems. In Heiß, Hans-Ulrich , Pepper, Peter, Schlingloff, Holger, & Schneider, Joerg (Eds.) Lecture Notes in Informatics, Gesellschaft fuer Informatik e.V. (GI), Berlin, Germany. |
Fonte |
School of Electrical Engineering & Computer Science; Information Security Institute; Science & Engineering Faculty |
Palavras-Chave | #080303 Computer System Security |
Tipo |
Conference Paper |