Proceedings ArticleDOI
A Trust-Aware, P2P-Based Overlay for Intrusion Detection
Claudiu Duma, Martin Karresand, Nahid Shahmehri, Germano Caronni +3 more
- pp 692-697
TL;DR: A P2P-based overlay for intrusion detection (overlay IDS) that addresses the insider threat by means of a trust-aware engine for correlating alerts and an adaptive scheme for managing trust is proposed.
Abstract: Collaborative intrusion detection systems (IDSs) have a great potential for addressing the challenges posed by the increasing aggressiveness of current Internet attacks. However, one of the major concerns with the proposed collaborative IDSs is their vulnerability to the insider threat. Malicious intruders, infiltrating such a system, could poison the collaborative detectors with false alarms, disrupting the intrusion detection functionality and placing the whole system at risk. In this paper, we propose a P2P-based overlay for intrusion detection (Overlay IDS) that addresses the insider threat by means of a trust-aware engine for correlating alerts and an adaptive scheme for managing trust. We have implemented our system using the JXTA framework and have evaluated its effectiveness for preventing the spread of a real Internet worm over an emulated network. The evaluation results show that our Overlay IDS significantly increases the overall survival rate of the network.
Citations
Journal ArticleDOI
Game theory meets network security and privacy
TL;DR: This survey provides a structured and comprehensive overview of research on security and privacy in computer and communication networks that use game-theoretic approaches and provides a discussion on the advantages, drawbacks, and future direction of using game theory in this field.
Journal ArticleDOI
Collaborative Security: A Survey and Taxonomy
TL;DR: A comprehensive study of different mechanisms of collaboration and defense in collaborative security, covering six types of security systems, with the goal of helping to make collaborative security systems more resilient and efficient.
Journal ArticleDOI
When Intrusion Detection Meets Blockchain Technology: A Review
TL;DR: The background of intrusion detection and blockchain is introduced, the applicability of blockchain to intrusion detection is discussed, and open challenges in this direction are identified.
Journal ArticleDOI
Taxonomy and Survey of Collaborative Intrusion Detection
TL;DR: The entire framework of requirements, building blocks, and attacks as introduced is used for a comprehensive analysis of the state of the art in collaborative intrusion detection, including a detailed survey and comparison of specific CIDS approaches.
Journal ArticleDOI
Enhancing Medical Smartphone Networks via Blockchain-Based Trust Management Against Insider Attacks
Weizhi Meng, Wenjuan Li, Liqiu Zhu +2 more
TL;DR: The general goal is to investigate the performance of blockchain-based trust management, and experimental results demonstrate that blockchain technology can help improve the detection efficiency of detecting malicious nodes with reasonable workload.
References
The Intrusion Detection Message Exchange Format (IDMEF)
TL;DR: A data model to represent information exported by intrusion detection systems and the rationale for using this model is explained and an implementation of the data model in the Extensible Markup Language (XML) is presented.
Book ChapterDOI
A mission-impact-based approach to INFOSEC alarm correlation
TL;DR: The intent of this work is to deliver an automated capability to reduce the time and cost of managing multiple INFOSEC devices through a strategy of topology analysis, alert prioritization, and common attribute-based alert aggregation.
Journal ArticleDOI
Cooperating security managers: a peer-based intrusion detection system
TL;DR: Cooperating security managers (CSM) is designed to perform intrusion detection and reporting functions in a distributed environment without requiring a designated central site or server to perform the analysis of network audit data.
Journal Article
M2D2: A formal data model for IDS alert correlation
TL;DR: In this paper, the authors propose a data model for IDS alert correlation called M2D2, which uses four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used for the monitoring, and information about the events observed.
Book ChapterDOI
M2D2: a formal data model for IDS alert correlation
TL;DR: A data model for IDS alert correlation called M2D2 is proposed, which supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used for the monitoring, and information about the events observed.