Abstract
Distributed and coordinated attacks can disrupt electronic commerce applications and cause large revenue losses. These attacks cannot be prevented by considering information from isolated sources in the network alone: a global view of the whole system is necessary to react to the different actions that make up such an attack. We are currently working on a decentralized attack prevention framework aimed at both detecting and reacting to these attacks. Cooperation between the different entities of this system is handled efficiently through a publish/subscribe model. In this paper we first present the advantages and convenience of using this communication paradigm for a general decentralized attack prevention framework. Then, we present the design of our specific approach. Finally, we briefly discuss our implementation, which is based on a freely available publish/subscribe message-oriented middleware.
This work has been partially funded by the Spanish Ministry of Science and Technology (MCYT) through project TIC2003-02041 and by the Catalan Ministry of Universities, Research and Information Society (DURSI) through grant 2003FI-126.
© 2005 International Federation for Information Processing
Cite this paper
García, J., Jaeger, M.A., Mühl, G., Borrell, J. (2005). Decoupling Components of an Attack Prevention System Using Publish/Subscribe. In: Glitho, R., Karmouch, A., Pierre, S. (eds) Intelligence in Communication Systems. INTELLCOMM 2005. IFIP — The International Federation for Information Processing, vol 190. Springer, Boston, MA. https://doi.org/10.1007/0-387-32015-6_9
DOI: https://doi.org/10.1007/0-387-32015-6_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29121-5
Online ISBN: 978-0-387-32015-1
eBook Packages: Computer Science (R0)