Decentralized Event Correlation for Intrusion Detection

Authors: Christopher Krügel, Thomas Toth, Clemens Kerer

DOI: 10.1007/3-540-45861-1_10

Keywords:

Abstract: Evidence of attacks against a network and its resources is often scattered over several hosts. Intrusion detection systems (IDS) that attempt to detect such attacks therefore have to collect and correlate information from different sources. We propose a completely decentralized approach to the task of event correlation, fusing data gathered at multiple points within the network. Our system models an intrusion as a pattern of events that can occur at different hosts and consists of collaborating sensors deployed at various locations throughout the protected installation. We present a specification language to define intrusions as distributed patterns and a mechanism to specify their simple building blocks. The peer-to-peer algorithm that detects these patterns and a prototype implementation, called Quicksand, are described. Problems and solutions involved in the management of such a system are discussed.
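The abstract describes intrusions as patterns of events spread over several hosts, matched by sensors that exchange partial results peer-to-peer instead of shipping every event to a central correlator. The following is an added example written for this page to make that idea concrete; it is not Quicksand's code, and its pattern syntax (variables prefixed with "?"), its message format and its sample events are assumptions constructed here. Each sensor sees only its own host's events, matches the first step locally, and forwards a partial match to the peer named by the next step's host binding (or to all peers when that host is still unbound). Ordering is enforced by event time, so an earlier root shell cannot complete a later login-failure step.

```python
# Added illustration of decentralized, peer-to-peer correlation of a
# multi-host intrusion pattern. Example code written for this page, not
# Quicksand's implementation; pattern syntax, message format and the
# sample events are assumptions constructed here.
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Event:
    host: str
    time: int
    kind: str
    attrs: Dict[str, str]


# A step is a dict of constraints on one event. Values starting with "?"
# are variables that must bind consistently across all steps of the pattern.
Step = Dict[str, str]
Bindings = Dict[str, str]


def unify(step: Step, ev: Event, bindings: Bindings) -> Optional[Bindings]:
    """Return extended bindings if ev satisfies step under bindings, else None."""
    if ev.kind != step["kind"]:
        return None
    new = dict(bindings)
    for key, want in step.items():
        if key == "kind":
            continue
        actual = ev.host if key == "host" else ev.attrs.get(key)
        if actual is None:
            return None
        if want.startswith("?"):
            if new.setdefault(want, actual) != actual:
                return None  # variable already bound to a different value
        elif want != actual:
            return None
    return new


class Sensor:
    """One sensor node; it only ever inspects its own host's events."""

    def __init__(self, host: str, events: List[Event]):
        self.host = host
        self.events = sorted(events, key=lambda e: e.time)

    def extend(self, step: Step, bindings: Bindings, after: int):
        """Yield (bindings, event) for local events after `after` matching step."""
        for ev in self.events:
            if ev.time <= after:
                continue
            nb = unify(step, ev, bindings)
            if nb is not None:
                yield nb, ev


def correlate(sensors: Dict[str, Sensor], pattern: List[Step]):
    """Match pattern across sensors; return (complete matches, messages sent)."""
    queue = deque((host, 0, {}, -1, []) for host in sensors)  # every node starts at step 0
    matches, messages = [], 0
    while queue:
        host, idx, bindings, after, trail = queue.popleft()
        for nb, ev in sensors[host].extend(pattern[idx], bindings, after):
            new_trail = trail + [(ev.host, ev.time, ev.kind)]
            if idx + 1 == len(pattern):
                matches.append((nb, new_trail))
                continue
            nxt = pattern[idx + 1]["host"]
            # Forward the partial match: to one peer if the next host is already
            # known from the bindings, otherwise to every peer.
            if nxt.startswith("?") and nxt not in nb:
                targets = list(sensors)
            else:
                targets = [nb.get(nxt, nxt)]
            for t in targets:
                if t in sensors:
                    messages += 1
                    queue.append((t, idx + 1, nb, ev.time, new_trail))
    return matches, messages


# Constructed pattern: a scan from ?S seen at host ?A, then a failed login
# from the same ?S at some host ?B, then a root shell on that same host ?B.
PATTERN: List[Step] = [
    {"kind": "portscan", "host": "?A", "src": "?S"},
    {"kind": "login_fail", "host": "?B", "src": "?S"},
    {"kind": "root_shell", "host": "?B"},
]

SAMPLE_EVENTS = [  # constructed sample data, not real sensor output
    Event("gw", 1, "portscan", {"src": "10.0.0.5"}),
    Event("gw", 2, "portscan", {"src": "10.0.0.9"}),
    Event("web", 0, "root_shell", {"user": "root"}),  # precedes the login: must not count
    Event("web", 3, "login_fail", {"src": "10.0.0.5"}),
    Event("db", 4, "login_fail", {"src": "10.0.0.9"}),  # no root shell follows on db
    Event("web", 6, "root_shell", {"user": "root"}),
]


def build_sensors(events: List[Event]) -> Dict[str, Sensor]:
    by_host: Dict[str, List[Event]] = {}
    for ev in events:
        by_host.setdefault(ev.host, []).append(ev)
    return {h: Sensor(h, evs) for h, evs in by_host.items()}


def run_demo():
    return correlate(build_sensors(SAMPLE_EVENTS), PATTERN)


if __name__ == "__main__":
    found, sent = run_demo()
    for bindings, trail in found:
        print("intrusion:", bindings, trail)
    print("messages exchanged:", sent)
```

Only one of the two scans completes the pattern: the 10.0.0.9 chain dies at db because no root shell follows the failed login there, and the root shell at time 0 on web is rejected because it precedes the login failure it would have to follow. No node ever holds the other hosts' raw events; only partial matches travel between peers.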

References (14)
Luiz F. Rust da Costa Carmo, Luci Pirmez, Jose Duarte de Queiroz: Micael: An Autonomous Mobile Agent System to Protect New Generation Networked Applications. Recent Advances in Intrusion Detection (1999)
Giovanni Vigna, Richard A. Kemmerer: NetSTAT: A Network-based Intrusion Detection System. Journal of Computer Security, vol. 7, pp. 37-71 (1999). DOI 10.3233/JCS-1999-7103
Giovanni Vigna, Richard A. Kemmerer, Per Blix: Designing a Web of Highly-Configurable Intrusion Detection Sensors. Recent Advances in Intrusion Detection, pp. 69-84 (2001). DOI 10.1007/3-540-45474-8_5
Peter G. Neumann, Phillip A. Porras: Experience with EMERALD to Date. Proceedings of the 1st Workshop on Intrusion Detection and Network Monitoring (ID'99), pp. 73-80 (1999)
Stephen E. Smaha, Terrance L. Goan, James Brentano, Daniel M. Teal, Karl N. Levitt, Biswanath Mukherjee, Steven R. Snapp, L. Todd Heberlein, Gihan V. Dias, Tim Grance, Che-Lin Ho, Doug Mansur: DIDS (Distributed Intrusion Detection System): Motivation, Architecture, and an Early Prototype. In: Internet Besieged, pp. 211-227 (1997)
Purdue University, Department of Computer Sciences: Defending a Computer System Using Autonomous Agents (1995)
Martin Roesch: Snort: Lightweight Intrusion Detection for Networks. USENIX Large Installation System Administration Conference (LISA), pp. 229-238 (1999)
Christopher Krügel, Thomas Toth, Engin Kirda: Service Specific Anomaly Detection for Network Intrusion Detection. ACM Symposium on Applied Computing, pp. 201-208 (2002). DOI 10.1145/508791.508835
Judith Hochberg, Kathleen Jackson, Cathy Stallings, J. F. McClary, David DuBois, Josephine Ford: NADIR: An Automated System for Detecting Network Intrusion and Misuse. Computers & Security, vol. 12, pp. 235-248 (1993). DOI 10.1016/0167-4048(93)90110-Q
G. B. White, E. A. Fisch, U. W. Pooch: Cooperating Security Managers: A Peer-Based Intrusion Detection System. IEEE Network, vol. 10, pp. 20-23 (1996). DOI 10.1109/65.484228