
Intrusion Detections in Collaborative Organizations by Preserving Privacy

  • Nischal Verma
  • François Trousset
  • Pascal Poncelet
  • Florent Masseglia
Part of the Studies in Computational Intelligence book series (SCI, volume 292)

Abstract

To counter attacks on networks, new Intrusion Detection System (IDS) approaches have been proposed in recent years. They identify signatures of known attacks and compare them with each request to determine whether it is an attack. However, these methods fail when the attack is not in the database of signatures. This problem is usually solved by calling on human expertise to update the database of signatures. However, an attack has frequently already been detected by another organization, and it would be useful to benefit from that knowledge to enrich the database of signatures. Unfortunately, this information is not easy to obtain, because organizations do not necessarily want to disclose that they have already faced this type of attack. In this paper we propose a new approach to intrusion detection in a collaborative environment that preserves the privacy of the collaborating organizations. Our approach works for any signature that can be written as a regular expression, ensuring that no information is disclosed about the content of the sites.

Keywords

Privacy; Intrusion Detection; Collaborative Approach

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nischal Verma (1)
  • François Trousset (2)
  • Pascal Poncelet (3)
  • Florent Masseglia (4)
  1. Indian Institute of Technology Guwahati, India
  2. LGI2P - Ecole des Mines d’Alès, Parc Scientifique G. Besse, Nîmes, France
  3. LIRMM UMR CNRS 5506, Montpellier Cedex 5, France
  4. INRIA Sophia Antipolis, Sophia Antipolis, France
