Abstract
Today's networks face a variety of threats such as distributed denial-of-service attacks and worms. Many different anomaly-based detection systems attempt to detect and counter such threats. Anomaly-based systems, however, often exhibit high false negative rates. One reason is that detection systems operate as single instances that base their decisions on local knowledge only.
In this paper we propose a collaboration of neighboring detection systems that enables a receiving system to search specifically for an attack it might have missed when relying on local knowledge alone. Once such attack information is received, a decision process has to determine whether a search for this attack should be started. The design of our system is based on several principles that guide this decision process. Finally, the attack information is forwarded to the next neighbors, increasing the area of collaborating systems.
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gamer, T., Scharf, M., Schöller, M. (2007). Collaborative Anomaly-Based Attack Detection. In: Hutchison, D., Katz, R.H. (eds) Self-Organizing Systems. IWSOS 2007. Lecture Notes in Computer Science, vol 4725. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74917-2_23
DOI: https://doi.org/10.1007/978-3-540-74917-2_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74916-5
Online ISBN: 978-3-540-74917-2
eBook Packages: Computer Science, Computer Science (R0)