Intrusion detection in distributed systems using fingerprinting and massive event correlation
dc.contributor.author | Skopik, Florian | |
dc.contributor.author | Fiedler, Roman | |
dc.contributor.editor | Horbach, Matthias | |
dc.date.accessioned | 2019-03-07T09:31:45Z | |
dc.date.available | 2019-03-07T09:31:45Z | |
dc.date.issued | 2013 | |
dc.description.abstract | New computing paradigms, such as mobile computing and cloud computing introduce considerable vulnerabilities to today's society. Systems do not only become more and more connected and interdependent, but multi-billion dollar markets have led to the emergence of new – economically motivated – forms of crime. Additionally, since most of today's critical infrastructures are controlled by complex ICT systems, service outages due to attacks can cause serious situations. However, because of the increasing scale and complexity of today's networked infrastructures, traditional protection mechanisms, such as firewalls and anti-virus software seem to become insufficient to guarantee an adequate level of security. In this paper, we present a novel intrusion detection concept which utilizes distributed monitoring and massive data correlation techniques to discover potential attack traces. This is crucial to establish situational awareness on a higher level and finally make informed decisions on mitigation strategies. In contrast to many others, this approach operates not on the network layer, but uses semantically rich service logs. We demonstrate the feasibility of our fingerprint-based anomaly detection approach in context of a real-world use cases and discuss its applicability. | en |
dc.identifier.isbn | 978-3-88579-614-5 | |
dc.identifier.pissn | 1617-5468 | |
dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/20652 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik e.V. | |
dc.relation.ispartof | INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-220 | |
dc.title | Intrusion detection in distributed systems using fingerprinting and massive event correlation | en |
dc.type | Text/Conference Paper | |
gi.citation.endPage | 2254 | |
gi.citation.publisherPlace | Bonn | |
gi.citation.startPage | 2240 | |
gi.conference.date | 16.-20. September 2013 | |
gi.conference.location | Koblenz | |
gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1