The complexity of modern networked information systems, as well as defense-in-depth best practices, requires distributed intrusion detection architectures that rely on the cooperation of multiple components. Such solutions multiply the number of alerts, increasing the time needed for alert management and hiding the few critical alerts like needles in a haystack. We propose an innovative distributed architecture for intrusion detection that provides system administrators with selective and early security warnings. This architecture is suitable for large networks composed of several departments because it leverages hierarchical and peer-to-peer cooperation schemes among distributed NIDSes. Moreover, it embeds a distributed alert ranking system that makes it possible to evaluate the real level of risk represented by a security alert generated by a NIDS, and it allows independent network departments to exchange early warnings about critical threats. Thanks to these features, a system administrator can focus on the few alerts that represent a real threat to the controlled infrastructure and can be notified about the most dangerous intrusions before his department is attacked.
Selective and early threat detection in large networked systems / Colajanni, Michele; Marchetti, Mirco; Messori, Michele. - Print. - (2010), pp. 604-611. (Paper presented at the conference Proc. of the 10th IEEE International Conference on Computer and Information Technology (CIT 2010), held in Bradford in June 2010) [10.1109/CIT.2010.124].
Selective and early threat detection in large networked systems
Colajanni, Michele; Marchetti, Mirco; Messori, Michele
2010
The metadata in IRIS UNIMORE are released under the Creative Commons CC0 1.0 Universal licence, while the publication files are released under the Attribution 4.0 International (CC BY 4.0) licence, unless otherwise indicated.
In case of copyright infringement, contact Iris Support.