Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation
Authors
Abstract
We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third-party networks. By means of a cooperative scheme based on message passing, the different nodes of this system collaborate to detect their participation in a coordinated attack and react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems demonstrates the practicability of the system.
Similar resources
Preventing Coordinated Attacks Via Distributed Alert Exchange
Attacks on information systems followed by intrusions may cause large revenue losses. The prevention of both is not always possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to recognize and react to the different actions of such an attack. The design and deployment of a decentralized system targeted at detecting as well...
Decoupling Components of an Attack Prevention System Using Publish/Subscribe
Distributed and coordinated attacks can disrupt electronic commerce applications and cause large revenue losses. The prevention of these attacks is not possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to react against the different actions of such an attack. We are currently working on a decentralized attack prevention...
Causality and intervention for alarm correlation: A Naive Bayes approach for detecting coordinated attacks – Délivrable n8
Alert correlation is a very useful mechanism to reduce the high volume of reported alerts and to detect complex and coordinated attacks. Existing approaches either require a large amount of expert knowledge or use simple similarity measures that prevent detecting complex attacks. They also suffer from high computational issues due, for instance, to a high number of possible scenarios. In this p...
δ-Fault-Tolerant Publish/Subscribe Systems
In this paper, we study reliable distributed publish/subscribe (P/S) systems that can "tolerate" multiple simultaneous node crash failures. We formally define a routing consistency property, and propose scalable algorithms that establish and maintain consistency in order to guarantee reliable, in-order, and duplicate-free delivery of messages. Furthermore, we introduce a system confi...
XlPPX: A Lightweight Framework for Privacy Preserving P2P XML Databases in Very Large Publish-Subscribe Systems
The problem of supporting privacy preservation of XML databases within very large publish-subscribe systems is rapidly gaining interest for both academic and industrial research. It becomes even more challenging when XML data are managed and delivered according to the P2P paradigm, since malicious accesses and unpredictable attacks could take advantage of the totally decentralized and untrust...