ICIMP 2012, The Seventh International Conference on Internet Monitoring and Protection
Improving Attack Aggregation Methods Using Distributed Hash Tables
Authors:
Zoltán Czirkos
Márta Rencz
Gábor Hosszú
Keywords: collaborative intrusion detection; attack correlation; peer-to-peer; distributed hash table
Abstract:
Collaborative intrusion detection has several difficult subtasks to handle. A large amount of data generated by intrusion detection probes has to be handled to spot intrusions. Also, when correlating the pieces of evidence, the connection between them has to be revealed as well, as it may be the case that they are part of a complex, large-scale attack. In this article, we present a peer-to-peer network-based intrusion detection system, which is able to handle the intrusion detection data efficiently while maintaining the accuracy of centralized approaches to correlation. The system is built on a distributed hash table, for which keys are assigned to each piece of intrusion data in a preprocessing step. This method allows one to make well-known correlation mechanisms work in a distributed environment.
Pages: 82 to 87
Copyright: Copyright (c) IARIA, 2012
Publication date: May 27, 2012
Published in: conference
ISSN: 2308-3980
ISBN: 978-1-61208-201-1
Location: Stuttgart, Germany
Dates: from May 27, 2012 to June 1, 2012