Framework for evaluating collaborative intrusion detection systems
Author:
Abstract
Securing IT infrastructures of our modern lives is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as using stand-alone firewalls and IDS devices for protecting the perimeter cannot cope with complex malwares and multistep attacks. Collaborative security emerges as a promising approach. But, research results in collaborative security are not mature, yet, and they require continuous evaluation and testing. In this work, we present CIDE, a Collaborative Intrusion Detection Extension for the network security simulation platform (NeSSi2). Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process for malwarebased attacks. The CIDE simulation environment provides functionalities for easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand and provide a case study and evaluate our collaborative security evaluation platform in a signature exchange scenario on the other.
- Citation
- BibTeX
Grunewald, D., Chinnow, J., Bye, R., Camtepe, A. & Albayrak, S.,
(2011).
Framework for evaluating collaborative intrusion detection systems.
In:
Heiß, H.-U., Pepper, P., Schlingloff, H. & Schneider, J.
(Hrsg.),
INFORMATIK 2011 – Informatik schafft Communities.
Bonn:
Gesellschaft für Informatik e.V..
(S. 116-116).
@inproceedings{mci/Grunewald2011,
author = {Grunewald, Dennis AND Chinnow, Joel AND Bye, Rainer AND Camtepe, Ahmet AND Albayrak, Sahin},
title = {Framework for evaluating collaborative intrusion detection systems},
booktitle = {INFORMATIK 2011 – Informatik schafft Communities},
year = {2011},
editor = {Heiß, Hans-Ulrich AND Pepper, Peter AND Schlingloff, Holger AND Schneider, Jörg} ,
pages = { 116-116 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
author = {Grunewald, Dennis AND Chinnow, Joel AND Bye, Rainer AND Camtepe, Ahmet AND Albayrak, Sahin},
title = {Framework for evaluating collaborative intrusion detection systems},
booktitle = {INFORMATIK 2011 – Informatik schafft Communities},
year = {2011},
editor = {Heiß, Hans-Ulrich AND Pepper, Peter AND Schlingloff, Holger AND Schneider, Jörg} ,
pages = { 116-116 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback
More Info
ISBN: 978-88579-286-4
ISSN: 1617-5468
xmlui.MetaDataDisplay.field.date: 2011
Language:
(en)

Content Type: Text/Conference Paper