Towards collaborative security and P2P intrusion detection Export

@inproceedings{citeulike:1453238, abstract = {The increasing array of Internet-scale threats is a pressing problem for every organization that utilizes the network. Organizations have limited resources to detect and respond to these threats. The end-to-end (E2E) sharing of information related to probes and attacks is a facet of an emerging trend toward "collaborative security". The key benefit of a collaborative approach to intrusion detection is a better view of global network attack activity. Augmenting the information obtained at a single site with information gathered from across the network can provide a more precise model of an attacker's behavior and intent. While many organizations see value in adopting such a collaborative approach, some challenges must be addressed before intrusion detection can be performed on an inter-organizational scale. We report on our experience developing and deploying a decentralized system for efficiently distributing alerts to collaborating peers. Our system, worminator, extracts relevant information from alert streams and encodes it in bloom filters. This information forms the basis of a distributed watchlist. The watchlist can be distributed via a choice of mechanisms ranging from a centralized trusted third party to a decentralized P2P-style overlay network.}, author = {Locasto, M. E. and Parekh, J. J. and Keromytis, A. D. and Stolfo, S. J.}, citeulike-article-id = {1453238}, citeulike-linkout-0 = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1495971}, journal = {Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005. Proceedings from the Sixth Annual IEEE}, keywords = {collabroative, security}, pages = {333--339}, posted-at = {2007-07-13 03:37:53}, priority = {2}, title = {Towards collaborative security and P2P intrusion detection}, url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1495971}, year = {2005} }

TY - CONF ID - citeulike:1453238 L3 - citeulike-article-id:1453238 N2 - The increasing array of Internet-scale threats is a pressing problem for every organization that utilizes the network. Organizations have limited resources to detect and respond to these threats. The end-to-end (E2E) sharing of information related to probes and attacks is a facet of an emerging trend toward "collaborative security". The key benefit of a collaborative approach to intrusion detection is a better view of global network attack activity. Augmenting the information obtained at a single site with information gathered from across the network can provide a more precise model of an attacker's behavior and intent. While many organizations see value in adopting such a collaborative approach, some challenges must be addressed before intrusion detection can be performed on an inter-organizational scale. We report on our experience developing and deploying a decentralized system for efficiently distributing alerts to collaborating peers. Our system, worminator, extracts relevant information from alert streams and encodes it in bloom filters. This information forms the basis of a distributed watchlist. The watchlist can be distributed via a choice of mechanisms ranging from a centralized trusted third party to a decentralized P2P-style overlay network. JF - Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005. Proceedings from the Sixth Annual IEEE EP - 339 TI - Towards collaborative security and P2P intrusion detection SP - 333 KW - collabroative KW - security AU - Locasto, ME AU - Parekh, JJ AU - Keromytis, AD AU - Stolfo, SJ PY - 2005/// UR - http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1495971 ER -