The Journal of Supercomputing, Volume 62, Issue 2, pp 804–827

Fast attack detection using correlation and summarizing of security alerts in grid computing networks

  • Raheel Hassan Syed
  • Jasmina Pazardzievska
  • Julien Bourgeois


Due to the extensive growth of grid computing networks, security is becoming a challenge. Usual solutions are not enough to prevent sophisticated attacks fabricated by multiple users, especially when the number of nodes connected to the network changes over time. Attackers can use multiple nodes to launch DDoS attacks, which generate a large number of security alerts. On the one hand, this large number of security alerts degrades the overall performance of the network and creates instability in the operation of the security management solutions. On the other hand, the alerts can help in camouflaging other real attacks. To address these issues, a correlation mechanism is proposed which reduces the number of security alerts while continuing to detect attacks in grid computing networks. To obtain more accurate results, a major portion of the experiments is performed by launching DDoS and Brute Force (BF) attacks in a real grid environment, i.e., the Grid’5000 (G5K) network.


Keywords

Management of security in grid computing networks; GSOC; Grid IDS; Grid security operation center



Thanks to the Laboratory of Computer Science, University of Franche-Comte, France, the Higher Education Commission and Quaid-e-Awam University of Engineering, Sciences, and Technology, Pakistan, for supporting our work financially, and to the Grid’5000 network for providing us with the platform to perform tests.



Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  • Raheel Hassan Syed (1)
  • Jasmina Pazardzievska (2)
  • Julien Bourgeois (1)

  1. Computer Science Laboratory (LIFC), University of Franche-Comte (UFC), Montbeliard, France
  2. Faculty of Electrical Engineering and Information Technologies, University Ss. Cyril and Methodius, Skopje, Republic of Macedonia
