
Collaborative Anomaly-Based Attack Detection

Conference paper
Self-Organizing Systems (IWSOS 2007)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 4725)

Abstract

Today's networks suffer from various challenges such as distributed denial of service attacks or worms. Many different anomaly-based detection systems try to detect and counter such challenges. Anomaly-based systems, however, often show high false negative rates. One reason for this is that detection systems work as single instances that base their decisions on local knowledge only.

In this paper we propose a collaboration of neighboring detection systems that enables a receiving system to search specifically for an attack that it might have missed when relying on local knowledge only. Once such attack information is received, a decision process has to determine whether a search for this attack should be started. The design of our system is based on several principles that guide this decision process. Finally, the attack information is forwarded to the next neighbors, thereby increasing the area of collaborating systems.
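As an added illustration of the collaboration the abstract describes (constructed here, not the paper's own code or design): a chain of detectors in which only one node sees the attack clearly, run once with local knowledge only and once with neighbor forwarding and a focused search. The topology, the thresholds, the hop limit and the "search each attack only once" rule are assumptions.

```python
# Toy simulation of collaborative anomaly detection (constructed example, not the
# paper's code); all thresholds, scores, topology and the hop limit are assumptions.
from dataclasses import dataclass, field

LOCAL_THRESHOLD = 0.5    # anomaly score needed to alert from local knowledge alone
FOCUSED_THRESHOLD = 0.2  # lower bar once a neighbor has reported this specific attack
MAX_HOPS = 3             # how far attack information may be forwarded

@dataclass
class Detector:
    name: str
    scores: dict                               # attack_id -> locally observed score
    neighbors: list = field(default_factory=list)
    handled: set = field(default_factory=set)  # attack ids already searched or found
    alerts: list = field(default_factory=list)

    def detect_locally(self, attack_id):
        """Local-only decision: alert only if the local anomaly score is high."""
        if self.scores.get(attack_id, 0.0) >= LOCAL_THRESHOLD:
            self.handled.add(attack_id)
            self.alerts.append(attack_id)
            return True
        return False

    def receive(self, attack_id, sender, hops_left):
        """Decision process on receiving attack information from a neighbor."""
        if attack_id in self.handled:      # assumed principle: search each attack once
            return
        self.handled.add(attack_id)
        if self.scores.get(attack_id, 0.0) >= FOCUSED_THRESHOLD:  # focused search
            self.alerts.append(attack_id)
            self.forward(attack_id, hops_left, exclude=sender)

    def forward(self, attack_id, hops_left, exclude=None):
        """Pass confirmed attack information on to the next neighbors."""
        if hops_left > 0:
            for nb in self.neighbors:
                if nb is not exclude:
                    nb.receive(attack_id, self, hops_left - 1)

def run(collaborate):
    """Chain A-B-C-D: only A sees the attack clearly, B and C see weak traces."""
    scores = {"A": 0.8, "B": 0.3, "C": 0.3, "D": 0.05}   # constructed scores for "ddos-1"
    nodes = {n: Detector(n, {"ddos-1": s}) for n, s in scores.items()}
    for a, b in ("AB", "BC", "CD"):
        nodes[a].neighbors.append(nodes[b])
        nodes[b].neighbors.append(nodes[a])
    for node in nodes.values():
        if node.detect_locally("ddos-1") and collaborate:
            node.forward("ddos-1", MAX_HOPS)
    return sorted(n for n, d in nodes.items() if d.alerts)  # False -> ["A"], True -> ["A","B","C"]
```

With local knowledge only, the weak traces at B and C stay below the local threshold; with forwarding, A's alert lets them run a focused search and catch the same attack, while D, which sees almost nothing, stops the propagation.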



Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gamer, T., Scharf, M., Schöller, M. (2007). Collaborative Anomaly-Based Attack Detection. In: Hutchison, D., Katz, R.H. (eds) Self-Organizing Systems. IWSOS 2007. Lecture Notes in Computer Science, vol 4725. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74917-2_23


  • DOI: https://doi.org/10.1007/978-3-540-74917-2_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74916-5

  • Online ISBN: 978-3-540-74917-2

  • eBook Packages: Computer Science (R0)
