Fast attack detection using correlation and summarizing of security alerts in grid computing networks

Due to the extensive growth of grid computing networks, security is becoming a challenge. Usual solutions are not enough to prevent sophisticated attacks fabricated by multiple users, especially when the number of nodes connected to the network changes over time. Attackers can use multiple nodes to launch DDoS attacks, which generate a large number of security alerts. On the one hand, this large number of security alerts degrades the overall performance of the network and creates instability in the operation of the security management solutions. On the other hand, it can help camouflage other real attacks. To address these issues, a correlation mechanism is proposed which reduces the number of security alerts while continuing to detect attacks in grid computing networks. To obtain more accurate results, a major portion of the experiments is performed by launching DDoS and Brute Force (BF) attacks in a real grid environment, i.e., the Grid’5000 (G5K) network.
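As an added illustration of the alert-summarizing idea the abstract describes (this is not the paper's mechanism, whose details are not on this page), the following collapses raw sensor alerts into one summary per signature, target and time window while still labelling the DDoS pattern (many sources, one target) and the brute-force pattern (one source, many repeats). The `Alert` fields, the thresholds and the sample alerts are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: float    # seconds since the start of the capture
    kind: str    # sensor signature, e.g. "syn_flood" or "ssh_auth_fail"
    src: str     # node the alert attributes the traffic to
    dst: str     # targeted grid node


def summarize(alerts, window=60.0, ddos_min_sources=3, bf_min_count=5):
    """Collapse raw alerts into one summary per (signature, target, time window).

    A group fed by many distinct sources is tagged "ddos"; a group in which a single
    source repeats the signature many times is tagged "brute_force". The window and
    thresholds are illustrative assumptions, not values taken from the paper.
    """
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.kind, a.dst, int(a.ts // window))].append(a)
    summaries = []
    for (kind, dst, bucket), items in sorted(groups.items()):
        per_src = defaultdict(int)
        for a in items:
            per_src[a.src] += 1
        label = "unclassified"
        if len(per_src) >= ddos_min_sources:
            label = "ddos"
        elif max(per_src.values()) >= bf_min_count:
            label = "brute_force"
        summaries.append({
            "kind": kind, "dst": dst, "window_start": bucket * window,
            "raw_alerts": len(items), "sources": sorted(per_src), "label": label,
        })
    return summaries


# Constructed sample alerts (not real G5K data): a SYN flood from four nodes against
# node-a, an SSH password-guessing run from one node against node-b, and one stray scan.
SAMPLE = (
    [Alert(float(t), "syn_flood", f"10.0.0.{i}", "node-a")
     for t, i in zip(range(0, 24, 3), [1, 2, 3, 4, 1, 2, 3, 4])]
    + [Alert(30.0 + t, "ssh_auth_fail", "10.0.1.9", "node-b") for t in range(6)]
    + [Alert(45.0, "port_scan", "10.0.2.2", "node-c")]
)

if __name__ == "__main__":
    for s in summarize(SAMPLE):   # 15 raw alerts become 3 summaries
        print(s)
```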
