Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation

Joaquin Garcia; Fabien Autrel; Joan Borrell; Sergio Castillo; Frederic Cuppens; Guillermo Navarro

doi:10.1007/978-3-540-30191-2_18

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation

Joaquin Garcia, Fabien Autrel, Joan Borrell, Sergio Castillo, Frederic Cuppens, Guillermo Navarro

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

Abstract

We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect its participation on a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors	Javier Lopez, Sihan Qing, Eiji Okamoto
Publisher	Springer Verlag
Pages	223-235
Number of pages	13
ISBN (Print)	3540235639, 9783540235637
DOIs	https://doi.org/10.1007/978-3-540-30191-2_18
Publication status	Published - 1 Jan 2004
Externally published	Yes

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3269
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Keywords

Alert Correlation
Intrusion Detection
Publish-Subscribe Systems

Access to Document

10.1007/978-3-540-30191-2_18

Cite this

Garcia, J., Autrel, F., Borrell, J., Castillo, S., Cuppens, F., & Navarro, G. (2004). Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation. In J. Lopez, S. Qing, & E. Okamoto (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 223-235). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3269). Springer Verlag. https://doi.org/10.1007/978-3-540-30191-2_18

Garcia, Joaquin ; Autrel, Fabien ; Borrell, Joan et al. / Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). editor / Javier Lopez ; Sihan Qing ; Eiji Okamoto. Springer Verlag, 2004. pp. 223-235 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{5c7f8b82e9534fb3b9ad690607cde7ac,

title = "Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation",

abstract = "We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect its participation on a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system.",

keywords = "Alert Correlation, Intrusion Detection, Publish-Subscribe Systems",

author = "Joaquin Garcia and Fabien Autrel and Joan Borrell and Sergio Castillo and Frederic Cuppens and Guillermo Navarro",

year = "2004",

month = jan,

day = "1",

doi = "10.1007/978-3-540-30191-2\_18",

language = "English",

isbn = "3540235639",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "223--235",

editor = "Javier Lopez and Sihan Qing and Eiji Okamoto",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

Garcia, J, Autrel, F, Borrell, J, Castillo, S, Cuppens, F & Navarro, G 2004, Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation. in J Lopez, S Qing & E Okamoto (eds), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3269, Springer Verlag, pp. 223-235. https://doi.org/10.1007/978-3-540-30191-2_18

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation. / Garcia, Joaquin; Autrel, Fabien; Borrell, Joan et al.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). ed. / Javier Lopez; Sihan Qing; Eiji Okamoto. Springer Verlag, 2004. p. 223-235 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3269).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation

AU - Garcia, Joaquin

AU - Autrel, Fabien

AU - Borrell, Joan

AU - Castillo, Sergio

AU - Cuppens, Frederic

AU - Navarro, Guillermo

PY - 2004/1/1

Y1 - 2004/1/1

N2 - We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect its participation on a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system.

AB - We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect its participation on a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system.

KW - Alert Correlation

KW - Intrusion Detection

KW - Publish-Subscribe Systems

U2 - 10.1007/978-3-540-30191-2_18

DO - 10.1007/978-3-540-30191-2_18

M3 - Chapter

AN - SCOPUS:35048819574

SN - 3540235639

SN - 9783540235637

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 223

EP - 235

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

A2 - Lopez, Javier

A2 - Qing, Sihan

A2 - Okamoto, Eiji

PB - Springer Verlag

ER -

Garcia J, Autrel F, Borrell J, Castillo S, Cuppens F, Navarro G. Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation. In Lopez J, Qing S, Okamoto E, editors, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag. 2004. p. 223-235. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-30191-2_18

Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Cite this