The complexity of modern networked information systems, as well as all the defense-in-depth best practices, require distributed intrusion detection architectures relying on the cooperation of multiple components. Similar solutions cause a multiplication of alerts, thus increasing the time needed for alert management and hiding the few critical alerts as needles in a haystack. We propose an innovative distributed architecture for intrusion detection that is able to provide system administrators with selective and early security warnings. This architecture is suitable for large networks composed of several departments because it leverages hierarchical and peer-to-peer cooperation schemes among distributed NIDSes. Moreover, it embeds a distributed alert ranking system that makes it possible to evaluate the real level of risk represented by a security alert generated by a NIDS, and it allows independent network departments to exchange early warnings about critical threats. Thanks to these features, a system administrator can focus on the few alerts that represent a real threat for the controlled infrastructure and can be notified about the most dangerous intrusions before his department is attacked.
|Publication date:||2010|
|Title:||Selective and early threat detection in large networked systems|
|Author(s):||Colajanni, Michele; Marchetti, Mirco; Messori, Michele|
|Conference name:||Proc. of the 10th IEEE International Conference on Computer and Information Technology (CIT 2010)|
|Conference location:||Bradford|
|Conference date:||2010-June|
|Citation:||Selective and early threat detection in large networked systems / Colajanni, Michele; Marchetti, Mirco; Messori, Michele. - PRINT. - (2010), pp. 604-611. (Paper presented at the conference Proc. of the 10th IEEE International Conference on Computer and Information Technology (CIT 2010), held in Bradford in 2010-June.)|
|Type:||Paper in conference proceedings|
Documents in Iris Unimore are released under a Creative Commons Attribution - NonCommercial - NoDerivatives 3.0 Italy license, unless otherwise indicated.