
Collaborative Attack vs. Collaborative Defense

(Extended Abstract)

  • Conference paper
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2008)

Abstract

We have witnessed many attacks in cyberspace. However, most attacks are launched by individual attackers, even though an attack may involve many compromised computers. In this paper, we envision what we believe to be the next generation of cyber attacks — collaborative attacks. Collaborative attacks can be launched by multiple attackers (i.e., human attackers or criminal organizations), each of which may have some specialized expertise. This is possible because cyber attacks can become very sophisticated, and specialization of attack expertise naturally becomes relevant. To counter collaborative attacks, we might need collaborative defense, because each “chain” in a collaborative attack may only be adequately dealt with by a different defender. In order to understand collaborative attack and collaborative defense, we present a high-level abstracted framework for evaluating the effectiveness of collaborative defense against collaborative attacks. As a first step towards realizing and instantiating the framework, we explore a characterization of collaborative attacks and collaborative defense from the relevant perspectives.




Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Xu, S. (2009). Collaborative Attack vs. Collaborative Defense. In: Bertino, E., Joshi, J.B.D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 10. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03354-4_17


  • DOI: https://doi.org/10.1007/978-3-642-03354-4_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03353-7

  • Online ISBN: 978-3-642-03354-4

  • eBook Packages: Computer Science, Computer Science (R0)
