Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation. García-Alfaro, J., Autrel, F., Borrell, J., Castillo, S., Cuppens, F., & Navarro-Arribas, G. In López, J., Qing, S., & Okamoto, E., editors, 6th International Conference on Information and Communications Security, volume 3269 of Lecture Notes in Computer Science, pages 223–235, October 2004. Springer Verlag. SCI-JCR(2004): 0.51 (Q3), (acceptance rate: 17%), ISSN 0302-9743, CORE(2008) B, CORE(2008) C, CiteSeer VIP(2007) 0.02 (371/581)
We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect their participation in a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system.
@inproceedings {garcia-alfaro04:_decen_publis_subsc_system_to,
  author =       {J. Garc{\'i}a-Alfaro and F. Autrel and J. Borrell and S.
                  Castillo and F. Cuppens and G. Navarro-Arribas},
  title =        {Decentralized publish-subscribe system to prevent coordinated
                  attacks via alert correlation},
  booktitle =    {6th International Conference on Information and
                  communications Security},
  publisher =    {Springer Verlag},
  year =         2004,
  editor =       {J. López and S. Qing and E. Okamoto},
  volume =       3269,
  series =       {Lecture Notes in Computer Science},
  pages =        {223--235},
  month =        oct,
  abstract =     {We present in this paper a decentralized architecture to
                  correlate alerts between cooperative nodes in a secure
                  multicast infrastructure. The purpose of this architecture is
                  to detect and prevent the use of network resources to perform
                  coordinated attacks against third party networks. By means of
                  a cooperative scheme based on message passing, the different
                  nodes of this system will collaborate to detect its
                  participation on a coordinated attack and will react to avoid
                  it. An overview of the implementation of this architecture
                  for GNU/Linux systems will demonstrate the practicability of
                  the system.},
  keywords =     {Intrusion Detection, Publish-Subscribe Systems, Alert
                  Correlation},
  issn =         {0302-9743},
  project =      {TIC2001-5108-E, TIC2003-02041},
  doi =          {http://dx.doi.org/10.1007/b101042},
  url =
                  {https://link.springer.com/chapter/10.1007/978-3-540-30191-2_18},
  classification-cv ={lncs},
  googlescholar-citedby =11,
  accept-rate =  {42/245},
  note =         {SCI-JCR(2004): 0.51 (Q3), (acceptance rate: 17\%),ISSN
                  0302-9743, CORE(2008) B, CORE(2008) C, CiteSeer VIP(2007)
                  0.02 (371/581)},
}