Selective and early threat detection in large networked systems

Colajanni, Michele; Marchetti, Mirco; Messori, Michele
2010

Abstract

The complexity of modern networked information systems, as well as all the defense-in-depth best practices, require distributed intrusion detection architectures relying on the cooperation of multiple components. Such solutions cause a multiplication of alerts, thus increasing the time needed for alert management and hiding the few critical alerts like needles in a haystack. We propose an innovative distributed architecture for intrusion detection that is able to provide system administrators with selective and early security warnings. This architecture is suitable for large networks composed of several departments because it leverages hierarchical and peer-to-peer cooperation schemes among distributed NIDSes. Moreover, it embeds a distributed alert ranking system that makes it possible to evaluate the real level of risk represented by a security alert generated by a NIDS, and it allows independent network departments to exchange early warnings about critical threats. Thanks to these features, a system administrator can focus on the few alerts that represent a real threat for the controlled infrastructure and can be notified about the most dangerous intrusions before his department is attacked.
Year: 2010
Conference: Proc. of the 10th IEEE International Conference on Computer and Information Technology (CIT 2010)
Location: Bradford
Date: June 2010
Pages: 604-611
Authors: Colajanni, Michele; Marchetti, Mirco; Messori, Michele
Selective and early threat detection in large networked systems / Colajanni, Michele; Marchetti, Mirco; Messori, Michele. - Print. - (2010), pp. 604-611. (Paper presented at the conference Proc. of the 10th IEEE International Conference on Computer and Information Technology (CIT 2010), held in Bradford in June 2010) [10.1109/CIT.2010.124].
Use this identifier to cite or link to this document: https://hdl.handle.net/11380/768949