Abstract
Securing an organization is becoming harder as information technology and network resources are spread across organizations. Network intrusion attacks are increasingly difficult to detect even with the most sophisticated security tools. To address this problem, researchers and vendors have proposed alert correlation, an analysis process that takes the events produced by the monitoring components and produces compact reports on the security status of the monitored organization. Centralized solutions have a third party gather the global state of the network from the distributed resources in order to evaluate the risk of attacks, but they neglect honest-but-curious behaviour: a party that runs the protocol faithfully while trying to learn the other organizations' private data from what it receives. In this paper we focus on this issue and propose a set of solutions that yield a coarse- or fine-grained global state, depending on the needs of the system and on the privacy level requested by the participating organizations.
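The following is an added illustration of the threat model the abstract names, not the protocol proposed in the paper: three hypothetical organizations (orgA, orgB, orgC) each hold per-category alert counts. A centralized collector sees every organization's counts in the clear, which is exactly what an honest-but-curious collector can exploit. With additive secret sharing modulo a prime, each organization distributes its count as random-looking shares, every organization forwards only the sum of the shares it received, and the collector learns just the global total per category (a coarse global state) and nothing about any single organization. The alert lists, category names and modulus are constructed for the example.

```python
"""Coarse, privacy-preserving global alert state via additive secret sharing.

Added example (not the paper's method): contrasts a centralized collector,
which sees each organization's raw counts, with a secure-sum scheme in which
the collector only learns the total per alert category.
"""
import secrets
from collections import Counter

# Field modulus; assumption: real alert counts are far below this value.
PRIME = 2**61 - 1

# Constructed sample alert streams, one list per (hypothetical) organization.
ORG_ALERTS = {
    "orgA": ["portscan", "portscan", "bruteforce"],
    "orgB": ["portscan", "malware"],
    "orgC": ["bruteforce", "bruteforce", "malware", "portscan"],
}
CATEGORIES = ("portscan", "bruteforce", "malware")


def local_state(alerts):
    """Per-organization alert count for every category (local view)."""
    counts = Counter(alerts)
    return {cat: counts.get(cat, 0) for cat in CATEGORIES}


def centralized_view(org_states):
    """Fine-grained global state as a centralized collector sees it:
    every organization's raw counts, i.e. what an honest-but-curious
    third party learns for free."""
    return {org: dict(state) for org, state in org_states.items()}


def share(value, n):
    """Split value into n additive shares mod PRIME.
    Any n-1 shares are uniformly random and reveal nothing about value."""
    shares = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def private_global_state(org_states):
    """Coarse global state computed without revealing per-organization counts.

    For each category, every organization splits its count into n shares and
    sends share i to organization i. Each organization adds the shares it
    received and sends only that partial sum to the collector, which adds the
    n partial sums. The collector learns the total and nothing else; each
    organization sees only random shares of the others' counts.
    """
    orgs = list(org_states)
    n = len(orgs)
    totals = {}
    for cat in CATEGORIES:
        received = [[] for _ in orgs]  # received[i]: shares destined for org i
        for org in orgs:
            for i, s in enumerate(share(org_states[org][cat], n)):
                received[i].append(s)
        # What each organization actually sends to the collector.
        partial_sums = [sum(r) % PRIME for r in received]
        totals[cat] = sum(partial_sums) % PRIME
    return totals


if __name__ == "__main__":
    states = {org: local_state(alerts) for org, alerts in ORG_ALERTS.items()}
    print("centralized (leaks per-org counts):", centralized_view(states))
    print("secure sum (totals only):", private_global_state(states))
```

The secure sum gives the coarse global state; a finer-grained report (e.g. per-organization or per-subnet counts) would require revealing more, which is the trade-off between granularity and privacy level that the abstract refers to. Note that additive sharing protects against honest-but-curious parties only; a malicious organization can still submit a false count, and collusion of all other organizations recovers a victim's value.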
© 2010 Springer-Verlag Berlin Heidelberg
Benali, F., Bennani, N., Gianini, G., Cimato, S. (2010). A Distributed and Privacy-Preserving Method for Network Intrusion Detection. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems, OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6427. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16949-6_13
DOI: https://doi.org/10.1007/978-3-642-16949-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16948-9
Online ISBN: 978-3-642-16949-6