Preventing Coordinated Attacks Via Distributed Alert Exchange
Joaquin Garcia-Alfaro, Michael A. Jaeger, Gero Muehl, and Joan Borrell

TL;DR
This paper proposes a decentralized attack prevention framework using publish/subscribe middleware to enable global system awareness and coordinated response to information system attacks.
Contribution
It introduces a novel decentralized approach leveraging publish/subscribe middleware for attack detection and response, with implementation and evaluation on GNU/Linux systems.
Findings
Effective detection of coordinated attacks demonstrated
Decentralized system improves response coordination
Middleware-based approach enhances system scalability
Abstract
Attacks on information systems followed by intrusions may cause large revenue losses. The prevention of both is not always possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to recognize and react to the different actions of such an attack. The design and deployment of a decentralized system targeted at detecting as well as reacting to information system attacks might benefit from the loose coupling realized by publish/subscribe middleware. In this paper, we present the advantages and convenience of using this communication paradigm for a general decentralized attack prevention framework. Furthermore, we present the design and implementation of our approach based on existing publish/subscribe middleware and evaluate our approach for GNU/Linux systems.
Taxonomy
Topics: Peer-to-Peer Network Technologies · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
