Preventing coordinated attacks via alert correlation. García-Alfaro, J., Autrel, F., Borrell, J., Bouzida, Y., Castillo, S., Cuppens, F., & Navarro-Arribas, G. In 9th Nordic Workshop on Secure IT Systems, pages 110-117, November, 2004. Department of Computer Science at Helsinki University of Technology, Publications in Telecommunications Software and Multimedia. ISSN 1456-7911, CORE(2008) C, CORE(2013) C
When attackers gain access to enterprise or corporate networks by compromising authorized users, computers, or applications, the network and its resources can be used to perform distributed and coordinated attacks against third-party networks, or even against computers on the network itself. We are working on a decentralized scheme to share alerts in a secure multicast infrastructure to detect and prevent these kinds of attacks. In this paper we present a collaborative framework that performs coordinated attack prevention. The detection and prevention process itself is done by a set of collaborative entities that correlate and assemble the pieces of evidence scattered over the different network resources. We also provide an example of how our system can detect and prevent a coordinated attack, to demonstrate the practicability of the system.
@inproceedings {garcia-alfaro04:_preven_coord_attac_via_alert_correl,
  author =       {J. Garc{\'i}a-Alfaro and F. Autrel and J. Borrell
                  and Y. Bouzida and S. Castillo and F. Cuppens and G.
                  Navarro-Arribas},
  title =        {Preventing coordinated attacks via alert
                  correlation},
  booktitle =    {9th Nordic Workshop on Secure IT Systems},
  publisher =    {Publications in Telecommunications Software and
                  Multimedia},
  year =         2004,
  editor =       {Sanna Liimatainen and Teemupekka Virtanen},
  pages =        {110--117},
  organization = {Department of Computer Science at Helsinki
                  University of Technology},
  month =        nov,
  abstract =     {When attackers gain access to enterprise or
                  corporate networks by compromising authorized users,
                  computers, or applications, the network and its
                  resources can be used to perform distributed and
                  coordinated attacks against third party networks, or
                  even on computers on the network itself. We are
                  working on a decentralized scheme to share alerts in
                  a secure multicast infrastructure to detect and
                  prevent these kinds of attacks. In this paper we
                  present a collaborative framework that performs
                  coordinated attack prevention. The detection and
                  prevention process itself is done by a set of
                  collaborative entities that correlate and assemble
                  the pieces of evidence scattered over the different
                  network resources. We also provide an example of how
                  our system can detect and prevent a coordinated
                  attack to demonstrate the practicability of the
                  system.},
  keywords =     {Intrusion Detection Systems, Publish-Subscribe
                  Systems, Alert Correlation},
  issn =         {1456-7911},
  project =      {TIC2001-5108-E, TIC2003-02041},
  note =         {ISSN 1456-7911, CORE(2008) C, CORE(2013) C},
}