
Framework for evaluating collaborative intrusion detection systems


Academic year: 2022


Framework for Evaluating Collaborative Intrusion Detection Systems

Dennis Grunewald, Joel Chinnow, Rainer Bye, Ahmet Camtepe, Sahin Albayrak

DAI-Labor — TU Berlin, Ernst-Reuter-Platz 7 firstname.surname@dai-labor.de

Abstract: Securing the IT infrastructures of our modern lives is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as stand-alone firewalls and IDS devices for protecting the perimeter cannot cope with complex malware and multistep attacks. Collaborative security emerges as a promising approach, but research results in collaborative security are not yet mature and require continuous evaluation and testing.

In this work, we present CIDE, a Collaborative Intrusion Detection Extension for the network security simulation platform NeSSi2. Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process of malware-based attacks. The CIDE simulation environment provides functionalities for the easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand and, on the other, provide a case study that evaluates our collaborative security evaluation platform in a signature exchange scenario.

1 Introduction

IT infrastructures permeate our daily lives, and our society becomes more dependent on information technologies [Cas05]. Driven by cost reduction, improved business opportunities or better quality of service, every day more systems get connected to the Internet. As the scale of such interconnected IT infrastructures grows, and because of short innovation cycles, information and communication technologies become more complex and agile. Therefore, securing IT infrastructures becomes a growing challenge. Monolithic approaches such as stand-alone virus scanners, firewalls and intrusion detection system (IDS) devices for protecting the perimeter cannot cope with complex malware and multistep attacks. For example, a single, non-collaborative IDS node suffers from a very limited view and detection capability [ZLK10]. Collaborative security emerges as a promising approach, but research results in collaborative security are not yet mature and require continuous evaluation and testing.

Collaborative IDS (CIDS) systems generally consist of nodes (also called agents or peers) that each monitor a portion of a communication network and exchange intrusion-related information with each other. First, centralized approaches came up, where a single node
