SkipMon: a Locality-Aware Collaborative Intrusion Detection System

Vasilomanolakis, Emmanouil and Kruegl, Matthias and Cordero, Carlos Garcia and Fischer, Mathias and Mühlhäuser, Max:
SkipMon: a Locality-Aware Collaborative Intrusion Detection System.
International Performance Computing and Communications Conference (IPCCC) IEEE
[Conference or Workshop Item], (2015)

Abstract

Due to the increasing quantity and sophistication of cyber-attacks, Intrusion Detection Systems (IDSs) are nowadays considered mandatory security mechanisms for protecting critical networks. Research on cyber-security is moving from such isolated IDSs towards Collaborative IDSs (CIDSs) in order to protect large-scale networks. In CIDSs, a number of IDS sensors work together to create a holistic picture of the monitored network. Our contribution in this paper is a novel distributed and scalable CIDS, called SkipMon. Our system supports both the idea of locality and privacy-preserving communication by means of exchanging compact alert data. Furthermore, we propose a mechanism for interconnecting sensors that experience similar traffic patterns. The experimental results suggest that our CIDS, with our technique of connecting monitoring nodes that experience similar traffic, is scalable and offers a good accuracy rate compared to a centralized system with full knowledge of the participating sensors’ data.

Item Type: Conference or Workshop Item
Published: 2015
Creators: Vasilomanolakis, Emmanouil and Kruegl, Matthias and Cordero, Carlos Garcia and Fischer, Mathias and Mühlhäuser, Max
Title: SkipMon: a Locality-Aware Collaborative Intrusion Detection System
Language: German
Title of Book: International Performance Computing and Communications Conference (IPCCC)
Publisher: IEEE
Uncontrolled Keywords: Secure Services;- SSI - Area Secure Smart Infrastructures
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Department of Computer Science > Telecooperation
LOEWE > LOEWE-Zentren
Department of Computer Science
LOEWE
Event Location: Nanjing, China
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/PCCC.2015.7410282
Identification Number: TUD-CS-2015-1258