Chapter 9: Cooperation in Intrusion Detection Networks

Authors: Carol Fung and Raouf Boutaba

Editors: M. S. Obaidat and S. Misra

John Wiley & Sons publishing

Network Intrusions
  • Unwanted traffic or computer activities that may be malicious and destructive
    • Denial of Service
    • Identity theft
    • Spam mails
  • Single-host intrusion
  • Cooperative attacks
Intrusion Detection Systems
  • Designed to monitor network traffic or computer activities and alert administrators for suspicious intrusions
    • Signature-based and anomaly-based
    • Host-based and network-based
Cooperative IDS
  • IDSs use collective information from other IDSs to make intrusion detection more accurate
  • Several features of CIDN
    • Topology
    • Cooperation Scope
    • Specialization
    • Cooperation Technology
Cooperation Technology
  • Data Correlation
  • Trust Management
  • Load balance
Indra
  • An early proposal for cooperative intrusion detection
  • Cooperating nodes take a proactive approach, sharing their blacklists with others
DOMINO
  • Monitors Internet outbreaks across large-scale networks
  • Nodes are organized hierarchically
  • Different roles are assigned to nodes
Dshield
  • A centralized firewall log correlation system
  • Data comes from the SANS Internet Storm Center
  • Not a real-time analysis system
  • Data payloads are removed for privacy reasons
NetShield
  • A fully distributed system to monitor epidemic worms and DoS attacks
  • The DHT Chord P2P system is used to load-balance the participating nodes
  • An alarm is triggered if the local prevalence of a content block exceeds a threshold
  • Only works on worms with fixed attack traces; does not work on polymorphic worms
Gossip-based Intrusion Detection
  • A local epidemic worm monitoring system
  • A local detector raises an alert when the number of newly created connections exceeds a threshold
  • A Bayesian network analysis system is used to correlate and aggregate alerts
ABDIAS
  • Agent-based Distributed alert system
  • IDSs are grouped into communities
  • Intra-community/inter-community communication
  • A Bayesian network system is used to make decisions
CRIM
  • A centralized system to collect alerts from participating IDSs
  • Alert correlation rules are generated by humans offline
  • New rules are used to detect global-scale intrusions
Host-based CIDS
  • A cooperative intrusion detection system in which IDSs share detection experience with others
  • Alerts from one host are sent to neighbors for analysis
  • Feedback is aggregated based on the trustworthiness of each neighbor
  • Trust values are updated after every interaction experience
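The two mechanisms on this slide, trust-weighted aggregation of neighbor feedback and per-interaction trust updates, are shown below as an added example; it is not code from the chapter or from any CIDS implementation. Verdict encoding (1.0 = intrusion, 0.0 = benign), the initial trust value, the decision threshold, and the exponential-moving-average update with learning rate `alpha` are all assumptions chosen for illustration.

```python
from typing import Dict

# Verdicts are encoded as 1.0 (neighbor says "intrusion") or 0.0 ("benign").
# The threshold and learning rate are assumed values, not from the chapter.
DECISION_THRESHOLD = 0.5
ALPHA = 0.2


def aggregate_feedback(feedback: Dict[str, float], trust: Dict[str, float]) -> float:
    """Trust-weighted average of neighbor verdicts.

    A neighbor with trust 0.9 counts almost twice as much as one with 0.5,
    so a low-trust neighbor cannot flip the decision on its own.
    """
    total_weight = sum(trust[n] for n in feedback)
    if total_weight == 0.0:
        return 0.0  # nobody trusted at all: treat as no evidence
    return sum(trust[n] * verdict for n, verdict in feedback.items()) / total_weight


def decide(feedback: Dict[str, float], trust: Dict[str, float]) -> bool:
    """Final local decision: raise an intrusion alert or not."""
    return aggregate_feedback(feedback, trust) >= DECISION_THRESHOLD


def update_trust(trust: Dict[str, float], feedback: Dict[str, float],
                 ground_truth: float, alpha: float = ALPHA) -> Dict[str, float]:
    """Update trust after one interaction once the true outcome is known.

    Agreement is 1.0 when the neighbor's verdict matched the outcome and 0.0
    when it was the opposite; trust moves a fraction `alpha` toward that.
    Neighbors who did not answer keep their old trust.
    """
    updated = dict(trust)
    for n, verdict in feedback.items():
        agreement = 1.0 - abs(verdict - ground_truth)
        updated[n] = (1.0 - alpha) * trust[n] + alpha * agreement
    return updated


def run_rounds(trust: Dict[str, float], rounds) -> Dict[str, float]:
    """Replay a list of (feedback, ground_truth) interactions, updating trust each time."""
    for feedback, truth in rounds:
        trust = update_trust(trust, feedback, truth)
    return trust


# Constructed scenario: three neighbors with different prior trust.
INITIAL_TRUST = {"A": 0.9, "B": 0.5, "C": 0.2}

# One suspicious event sent to neighbors; A and B say intrusion, C says benign.
FEEDBACK_1 = {"A": 1.0, "B": 1.0, "C": 0.0}

# Ten interactions in which C is always wrong and A is always right.
ROUNDS = [({"A": 1.0, "C": 0.0}, 1.0)] * 10

if __name__ == "__main__":
    score = aggregate_feedback(FEEDBACK_1, INITIAL_TRUST)
    print(f"aggregated score = {score:.3f}, alert = {decide(FEEDBACK_1, INITIAL_TRUST)}")
    print("trust after 10 rounds:", run_rounds(INITIAL_TRUST, ROUNDS))
```

With these values the first event scores (0.9 + 0.5) / (0.9 + 0.5 + 0.2) = 0.875, so an alert is raised even though C disagreed. After ten rounds of C being wrong its trust decays from 0.2 toward 0, which is what limits the damage a persistently misleading neighbor can do to the aggregated decision.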
ALPACAS
  • A cooperative spam filtering system
  • Preserves the privacy of the email owners
  • A P2P system is used for scalability
  • Emails are divided into feature trunks and digested into feature fingerprints
SmartScreen
  • Phishing URL filtering system in IE8
  • Allows users to report phishing websites
  • A centralized decision system analyzes the collected data and generates the blacklist
  • Users browsing a phishing site will be warned by SmartScreen
FFCIDN
  • A collaborative intrusion detection network to detect fast-flux botnets
  • Observes the number of unique IP addresses a domain resolves to
  • A threshold is derived to decide whether the domain is a fast-flux phishing domain
Open Challenges
  • Privacy of the exchanged information
  • Incentives for IDS cooperation
  • Botnet detection and removal
Conclusion
  • CIDNs use collective information from participants to achieve higher intrusion detection accuracy
  • A taxonomy to categorize different CIDNs
    • Four features are proposed for the taxonomy
  • The future challenges include how to encourage participation and provide privacy for data-sharing among IDSs