Abstract
This chapter describes a distributed architecture for the collaborative detection of cyber attacks and network intrusions based on distributed hash tables (DHTs). We first give a high-level description of the architecture, highlighting its two main functional blocks: the collaboration layer, realized through a DHT, and the complex event processing (CEP) engine. We then describe a working prototype of the proposed architecture, which constitutes one of the Semantic Rooms of the CoMiFin project. The reference implementation is built from well-known open source software: the DHT leverages Scribe and PAST, while Esper serves as the CEP engine. We show how this implementation can be used to realize a collaborative architecture for the early detection of real-world attacks against financial institutions, focusing on the detection of Man-in-the-Middle attacks to demonstrate the effectiveness of the proposal. Finally, we highlight the main advantages of the proposed architecture over traditional (centralized and hierarchical) intrusion detection solutions, in particular with respect to fault tolerance, scalability, and load balancing.
© 2012 Springer-Verlag Berlin Heidelberg
Esteves Veríssimo, P., Angori, E., Colajanni, M., Marchetti, M., Messori, M. (2012). Collaborative Attack Detection Using Distributed Hash Tables. In: Baldoni, R., Chockler, G. (eds) Collaborative Financial Infrastructure Protection. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20420-3_9
DOI: https://doi.org/10.1007/978-3-642-20420-3_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20419-7
Online ISBN: 978-3-642-20420-3