Abstract
Due to the extensive growth of grid computing networks, security is becoming a challenge. Usual solutions are not enough to prevent sophisticated attacks fabricated by multiple users, especially when the number of nodes connected to the network changes over time. Attackers can use multiple nodes to launch DDoS attacks, which generate a large amount of security alerts. On the one hand, this large number of security alerts degrades the overall performance of the network and creates instability in the operation of the security management solutions. On the other hand, they can help in camouflaging other real attacks. To address these issues, a correlation mechanism is proposed which reduces the security alerts and continues detecting attacks in grid computing networks. To obtain more accurate results, a major portion of the experiments are performed by launching DDoS and Brute Force (BF) attacks in a real grid environment, i.e., the Grid’5000 (G5K) network.
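The abstract describes correlating and summarizing alerts so that a flood of near-identical DDoS or brute-force alerts collapses into a few records without losing rare alerts. The following added example is not the paper's mechanism or code; it illustrates one simple form of the idea, grouping alerts by target node and alert class inside a time window, with constructed sample alerts and hypothetical field names.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    ts: float   # seconds (constructed values below)
    kind: str   # detector's alert class, e.g. "syn_flood" or "ssh_auth_fail"
    src: str    # node the traffic came from
    dst: str    # targeted grid node

def summarize(alerts, window=60.0, min_count=5):
    """Collapse alerts sharing (dst, kind) inside a time window into one summary.

    Groups below min_count are passed through untouched so rare alerts stay
    visible; groups at or above it become a single record that keeps the
    count, the distinct sources and the time span of the burst.
    """
    groups = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        groups[(a.dst, a.kind)].append(a)
    out = []
    for (dst, kind), items in groups.items():
        bucket = [items[0]]
        for a in items[1:] + [None]:      # None flushes the last bucket
            if a is not None and a.ts - bucket[0].ts < window:
                bucket.append(a)
                continue
            if len(bucket) >= min_count:
                out.append({"dst": dst, "kind": kind, "count": len(bucket),
                            "sources": sorted({b.src for b in bucket}),
                            "first": bucket[0].ts, "last": bucket[-1].ts})
            else:
                out.extend(bucket)
            if a is not None:
                bucket = [a]
    return out

# Constructed sample: a DDoS (many sources, one target), an SSH brute force
# (one source, many failures) and a lone scan alert that must not be lost.
SAMPLE = (
    [Alert(1000 + i, "syn_flood", f"10.0.0.{i % 10}", "node-a") for i in range(30)]
    + [Alert(2000 + 3 * i, "ssh_auth_fail", "10.0.9.9", "node-b") for i in range(8)]
    + [Alert(3000, "port_scan", "10.0.5.5", "node-c")]
)

def reduction(alerts, **kw):
    """Return (raw alert count, record count after summarizing)."""
    return len(alerts), len(summarize(alerts, **kw))

if __name__ == "__main__":
    for item in summarize(SAMPLE):
        print(item)
    print("reduction:", reduction(SAMPLE))
```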
Acknowledgements
Thanks to the Laboratory of Computer Science University of Franche-Comte, France, the Higher Education Commission and Quaid-e-Awam University of Engineering, Sciences, and Technology, Pakistan, for supporting our work financially, and to the Grid’5000 network for providing us with the platform to perform tests.
Cite this article
Syed, R.H., Pazardzievska, J. & Bourgeois, J. Fast attack detection using correlation and summarizing of security alerts in grid computing networks. J Supercomput 62, 804–827 (2012). https://doi.org/10.1007/s11227-012-0754-1