Sciweavers

IEEECIT
2010
IEEE

Selective and Early Threat Detection in Large Networked Systems

13 years 11 months ago
Selective and Early Threat Detection in Large Networked Systems
—The complexity of modern networked information systems, as well as all the defense-in-depth best practices, require distributed intrusion detection architectures relying on the cooperation of multiple components. Similar solutions cause a multiplication of alerts, thus increasing the time needed for alert management and hiding the few critical alerts as needles in a hay stack. We propose an innovative distributed architecture for intrusion detection that is able to provide system administrators with selective and early security warnings. This architecture is suitable to large networks composed by several departments because it leverages hierarchical and peer-to-peer cooperation schemes among distributed NIDSes. Moreover, it embeds a distributed alert ranking system that makes it possible to evaluate the real level of risk represented by a security alert generated by a NIDS, and it allows independent network departments to exchange early warnings about critical threats. Thanks to the...
Michele Colajanni, Mirco Marchetti, Michele Messor
Added 26 Jan 2011
Updated 26 Jan 2011
Type Journal
Year 2010
Where IEEECIT
Authors Michele Colajanni, Mirco Marchetti, Michele Messori
Comments (0)