Preventing coordinated attacks via alert correlation. García-Alfaro, J., Autrel, F., Borrell, J., Bouzida, Y., Castillo, S., Cuppens, F., & Navarro-Arribas, G. In 9th Nordic Workshop on Secure IT Systems, pages 110-117, November, 2004. Department of Computer Science at Helsinki University of Technology, Publications in Telecommunications Software and Multimedia. ISSN 1456-7911, CORE(2008) C, CORE(2013) C

Abstract: When attackers gain access to enterprise or corporate networks by compromising authorized users, computers, or applications, the network and its resources can be used to perform distributed and coordinated attacks against third party networks, or even on computers on the network itself. We are working on a decentralized scheme to share alerts in a secure multicast infrastructure to detect and prevent these kind of attacks. In this paper we present a collaborative framework that performs coordinated attack prevention. The detection and prevention process itself is done by a set of collaborative entities that correlate and assemble the pieces of evidence scattered over the different network resources. We also provide an example of how our system can detect and prevent a coordinated attack to demonstrate the practicability of the system.

@inproceedings {garcia-alfaro04:_preven_coord_attac_via_alert_correl,
author = {J. Garc{\'i}a-Alfaro and F. Autrel and J. Borrell
and Y. Bouzida and S. Castillo and F. Cuppens and G.
Navarro-Arribas},
title = {Preventing coordinated attacks via alert
correlation},
booktitle = {9th Nordic Workshop on Secure IT Systems},
publisher = {Publications in Telecommunications Software and
Multimedia},
year = 2004,
editor = {Sanna Liimatainen and Teemupekka Virtanen},
PAGES = {110-117},
organization = {Department of Computer Science at Helsinki
University of Technology},
month = nov,
abstract = {When attackers gain access to enterprise or
corporate networks by compromising authorized users,
computers, or applications, the network and its
resources can be used to perform distributed and
coordinated attacks against third party networks, or
even on computers on the network itself. We are
working on a decentralized scheme to share alerts in
a secure multicast infrastructure to detect and
prevent these kind of attacks. In this paper we
present a collaborative framework that performs
coordinated attack prevention. The detection and
prevention process itself is done by a set of
collaborative entities that correlate and assemble
the pieces of evidence scattered over the different
network resources. We also provide an example of how
our system can detect and prevent a coordinated
attack to demonstrate the practicability of the
system.},
keywords = {Intrusion Detection Systems, Publish-Subscribe
Systems, Alert Correlation},
issn = {1456-7911},
project = {TIC2001-5108-E, TIC2003-02041},
note = {ISSN 1456-7911, CORE(2008) C, CORE(2013) C},
}