Global Intrusion Detection in the DOMINO Overlay System.

Authors: Vinod Yegneswaran, Paul Barford, Somesh Jha

DOI:

Keywords:

Abstract: Sharing data between widely distributed intrusion detection systems offers the possibility of significant improvements in speed and accuracy over isolated systems. In this paper, we describe and evaluate DOMINO (Distributed Overlay for Monitoring InterNet Outbreaks), an architecture and a system that fosters collaboration among heterogeneous nodes organized as an overlay network. The design enables it to be heterogeneous, scalable, and robust to attacks and failures. An important component of DOMINO's design is the use of active-sinks, which respond to and measure connections to unused IP addresses. This efficient from spoofed sources, reduces false positives, and enables attack classification and the production of timely blacklists. We evaluate capabilities and performance using a large set of logs collected from 1600 providers across the Internet. Our analysis demonstrates the marginal benefit obtained from sources coordinated through a system like DOMINO. We also show how to configure DOMINO in order to maximize gains from the perspectives of blacklist length, freshness, and proximity. We perform a retrospective on the 2002 SQL-Snake and 2003 SQL-Slammer epidemics that highlights how information exchange would have reduced reaction time and false-alarm rates during the outbreaks. Finally, we provide preliminary results from our prototype deployment that illustrate the limited variability of sink traffic and the feasibility of discrimination of types.
