Collaborative intrusion detection framework: characteristics, adversarial opportunities and countermeasures

Bye, Rainer, Camtepe, Seyit Ahmet, & Albayrak, Sahin (2010) Collaborative intrusion detection framework: characteristics, adversarial opportunities and countermeasures. In Proceedings of the 2010 International Conference on Collaborative Methods for Security and Privacy, USENIX Association, Washington DC, USA, p. 1.


Abstract

Complex Internet attacks may come from multiple sources and target multiple networks and technologies. Collaborative Intrusion Detection Systems (CIDS) emerge as a promising solution by using information from multiple sources to gain a better understanding of the objective and impact of such attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e.g., centralized designs exposing a Single Point of Failure. The added complexity, on the other hand, gives rise to new exploitation opportunities for adversaries.

The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand the vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized, intrusion-detection-related message exchange scheme. We use techniques from design theory to provide a multi-path peer-to-peer communication scheme in which the adversary cannot do better than randomly guessing the originator of an alert message.


ID Code: 58113
Item Type: Conference Paper
Refereed: Yes
Keywords: collaborative intrusion detection, adversarial opportunities
ISBN: 999-8-7777-6666-5
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Past > Institutes > Information Security Institute
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Deposited On: 12 Mar 2013 01:26
Last Modified: 22 Jul 2013 02:23
