CARDS: A Distributed System for Detecting Coordinated Attacks
نویسندگان
چکیده
A major research problem in intrusion detection is the efficient Detection of coordinated attacks over large networks. Issues to be resolved include determining what data should be collected, which portion of the data should be analyzed, where the analysis of the data should take place, and how to correlate multi-source information. This paper proposes the architecture of a Coordinated Attack Response & Detection System (CARDS). CARDS uses a signature-based model for resolving these issues. It consists of signature managers, monitors, and directory services. The system collects data in a flexible, distributed manner, and the detection process is decentralized among various monitors and is event-driven. The paper also discusses related implementation issues.
منابع مشابه
A survey of coordinated attacks and collaborative intrusion detection
Coordinated attacks, such as large-scale stealthy scans, worm outbreaks and distributed denial-of-service (DDoS) attacks, occur in multiple networks simultaneously. Such attacks are extremely difficult to detect using isolated intrusion detection systems (IDSs) that monitor only a limited portion of the Internet. In this paper, we summarize the current research directions in detecting such atta...
متن کاملGPS Jamming Detection in UAV Navigation Using Visual Odometry and HOD Trajectory Descriptor
Auto-navigating of unmanned aerial vehicles (UAV) in the outdoor environment is performed by using the Global positioning system (GPS) receiver. The power of the GPS signal on the earth surface is very low. This can affect the performance of GPS receivers in the environments contaminated with the other source of radio frequency interference (RFI). GPS jamming and spoofing are the most serious a...
متن کاملMoving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
متن کاملAnalysis Techniques for Detecting Coordinated Attacks and Probes
Coordinated attacks and probes have been observed against several networks that we protect. We describe some of these attacks and provide insight into how and why they are carried out. We also suggest hypotheses for some of the more puzzling probes. Methods for detecting these coordinated attacks are
متن کاملCoordinated Scan Detection
Coordinated attacks, where the tasks involved in an attack are distributed amongst multiple sources, can be used by an adversary to obfuscate his incursion. In this paper we present an approach to detecting coordinated attacks that is based on adversary modeling of the desired information gain. A detection algorithm is developed that is based on solutions to the set covering problem, where we a...
متن کامل