The Center for Education and Research in Information Assurance and Security (CERIAS)

A Framework for Cooperative Intrusion Detection

Author

Deborah Frinke, Don Tobin, Jesse McConnell, Jamie Marconi, Dean Polla

Entry type

article

Abstract

The trend towards a strong interdependence among networks has serious security implications. Not only does the compromise of one network adversely affect resources needed by others, but the compromised network may be part of a multi-network attack targeting other systems. The task of identifying such attacks in progress can be quite difficult. Other researchers have found that data sharing is needed to detect many systemic attacks involving multiple hosts even within a single network [PN97]. Systems such as DIDS and EMERALD have been developed to gather and analyze such data network and enterprise-wide, respectively. However, neither system addresses data sharing between networks that lack central administration. This paper identifies some of the issues that need to be addressed if cooperative intrusion detection using data sharing between distinct sites is to become a viable option, and provides a set of requirements for designing such a system. A substantial subset of these requirements have been modelled in a functional cooperative data sharing system.

Key alpha

Frinke

Publication Date

2001-01-01

Keywords

DIDS, EMERALD

Language

English
