Intrusion detection in distributed systems using fingerprinting and massive event correlation
Vorschaubild nicht verfügbar
ISSN der Zeitschrift
INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt
Regular Research Papers
Gesellschaft für Informatik e.V.
New computing paradigms, such as mobile computing and cloud computing introduce considerable vulnerabilities to today's society. Systems do not only become more and more connected and interdependent, but multi-billion dollar markets have led to the emergence of new – economically motivated – forms of crime. Additionally, since most of today's critical infrastructures are controlled by complex ICT systems, service outages due to attacks can cause serious situations. However, because of the increasing scale and complexity of today's networked infrastructures, traditional protection mechanisms, such as firewalls and anti-virus software seem to become insufficient to guarantee an adequate level of security. In this paper, we present a novel intrusion detection concept which utilizes distributed monitoring and massive data correlation techniques to discover potential attack traces. This is crucial to establish situational awareness on a higher level and finally make informed decisions on mitigation strategies. In contrast to many others, this approach operates not on the network layer, but uses semantically rich service logs. We demonstrate the feasibility of our fingerprint-based anomaly detection approach in context of a real-world use cases and discuss its applicability.