Improving Attack Aggregation Methods Using Distributed Hash Tables

Collaborative intrusion detection has several difficult subtasks to handle. The large amount of data generated by intrusion detection probes has to be processed to spot intrusions. Also, when correlating the pieces of evidence, the connection between them has to be revealed as well, as they may be part of a complex, large-scale attack. In this article, we present a peer-to-peer network based intrusion detection system that handles intrusion detection data efficiently while maintaining the correlation accuracy of centralized approaches. The system is built on a distributed hash table, for which a key is assigned to each piece of intrusion data in a preprocessing step. This method allows well-known correlation mechanisms to work in a distributed environment.

Keywords: collaborative intrusion detection; attack correlation; peer-to-peer; distributed hash table.
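The following is an added illustration, not code from the paper, of the key-assignment idea the abstract describes: each alert gets a DHT key in a preprocessing step so that alerts about the same target converge on one node, where a local correlation routine can run. The choice of the victim address as the key attribute, the Chord-style ring, the node names and the sample alerts are all assumptions made for this example.

```python
import hashlib
from bisect import bisect_right
from collections import defaultdict

# Constructed sample alerts from several probes (not taken from the paper).
ALERTS = [
    {"probe": "ids-a", "src": "198.51.100.7", "dst": "192.0.2.10", "sig": "portscan"},
    {"probe": "ids-b", "src": "198.51.100.7", "dst": "192.0.2.10", "sig": "ssh-brute"},
    {"probe": "ids-c", "src": "203.0.113.5", "dst": "192.0.2.44", "sig": "portscan"},
    {"probe": "ids-a", "src": "198.51.100.7", "dst": "192.0.2.10", "sig": "web-exploit"},
]

def sha1_int(value: str) -> int:
    """Map a string onto the 160-bit identifier space used by the ring."""
    return int(hashlib.sha1(value.encode()).hexdigest(), 16)

def alert_key(alert: dict) -> int:
    # Preprocessing step: derive the DHT key from the attribute that the
    # correlation will group on. Assumed choice here: the victim address.
    return sha1_int(alert["dst"])

class Ring:
    """Minimal consistent-hashing ring with Chord-style successor lookup."""
    def __init__(self, node_ids):
        self.points = sorted((sha1_int(n), n) for n in node_ids)
        self.keys = [p for p, _ in self.points]

    def owner(self, key: int) -> str:
        # The first node clockwise from the key owns it (wrap around at the end).
        i = bisect_right(self.keys, key)
        return self.points[i % len(self.points)][1]

def distribute(alerts, ring):
    """Route every alert to the node owning its key; returns node -> alerts."""
    buckets = defaultdict(list)
    for a in alerts:
        buckets[ring.owner(alert_key(a))].append(a)
    return buckets

def correlate(node_alerts):
    """Local correlation on one node's bucket: per victim, count the
    distinct probes and distinct signatures that reported it."""
    by_dst = defaultdict(lambda: {"probes": set(), "sigs": set()})
    for a in node_alerts:
        by_dst[a["dst"]]["probes"].add(a["probe"])
        by_dst[a["dst"]]["sigs"].add(a["sig"])
    return {d: (len(v["probes"]), len(v["sigs"])) for d, v in by_dst.items()}

if __name__ == "__main__":
    ring = Ring(["node-1", "node-2", "node-3", "node-4"])
    for node, bucket in distribute(ALERTS, ring).items():
        print(node, correlate(bucket))
```

Because the key depends only on the grouping attribute, every alert about 192.0.2.10 lands on the same node no matter which probe raised it, so a conventional single-host correlator can be reused there unchanged.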
