This chapter describes a distributed architecture for collaborative detection of cyber attacks and network intrusions based on distributed hash tables (DHTs). We present a high-level description of the distributed architecture for collaborative attack detection. In particular, we highlight the two main functional blocks: the collaboration layer, realized through a DHT, and the engine for complex event processing (CEP). We then describe the implementation of a working prototype of the proposed architecture that represents one of the Semantic Rooms of the CoMiFin project. Our reference implementation is built on well-known open source software: the DHT leverages Scribe and PAST, while we use Esper as the CEP engine. We demonstrate how the proposed implementation can be used to realize a collaborative architecture for the early detection of real-world attacks carried out against financial institutions. We focus on the detection of Man-in-the-Middle attacks to demonstrate the effectiveness of our proposal. Finally, we highlight the main advantages of the proposed architecture with respect to traditional (centralized and hierarchical) solutions for intrusion detection. In particular, we address the issues of fault tolerance, scalability, and load balancing.

Collaborative Attack Detection Using Distributed Hash Tables / Angori, Enrico; Colajanni, Michele; Marchetti, Mirco; Messori, Michele. - STAMPA. - (2012), pp. 175-201. [10.1007/978-3-642-20420-3_9]

Collaborative Attack Detection Using Distributed Hash Tables

Colajanni, Michele; Marchetti, Mirco; Messori, Michele
2012

Collaborative Financial Infrastructure Protection
ISBN 9783642204197
Springer, Germany
Angori, Enrico; Colajanni, Michele; Marchetti, Mirco; Messori, Michele

Use this identifier to cite or link to this item: https://hdl.handle.net/11380/769020