Organizational security is becoming increasingly difficult to achieve because information technology and networking resources are dispersed across organizations. Network intrusion attacks are increasingly difficult to detect, even when the most sophisticated security tools are used. To address this problem, researchers and vendors have proposed alert correlation, an analysis process that takes the events produced by the monitoring components and produces compact reports on the security status of the organization under monitoring. Centralized solutions require a third party to gather the global state of the network from distributed resources in order to evaluate the risk of attacks, but they neglect honest-but-curious behaviors. In this paper, we focus on this issue and propose a set of solutions able to give a coarse-grained or fine-grained global state, depending on the system needs and on the privacy level requested by the involved organizations.
A distributed and privacy-preserving method for network intrusion detection / F. Benali, N. Bennani, G. Gianini, S. Cimato (Lecture Notes in Computer Science). - In: On the Move to Meaningful Internet Systems, OTM 2010 / edited by R. Meersman, T. Dillon, P. Herrero. - Berlin : Springer, 2010. - ISBN 9783642169489. - pp. 861-875 (OTM Confederated International Conferences, held in Crete in 2010) [10.1007/978-3-642-16949-6_13].