Framework for Evaluating Collaborative Intrusion Detection Systems


Securing the IT infrastructures of modern life is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as stand-alone firewalls and IDS devices protecting the perimeter cannot cope with complex malware and multi-step attacks. Collaborative security emerges as a promising approach, but research results in collaborative security are not yet mature and require continuous evaluation and testing. In this work, we present CIDE, a Collaborative Intrusion Detection Extension for our network security simulation platform NeSSi2. Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process of malware-based attacks. Our simulation environment provides functionalities for the easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand and, on the other, provide a case study that evaluates our collaborative security evaluation platform in a signature exchange scenario.

author = {Dennis Grunewald and Joel Chinnow and Rainer Bye and Ahmet Camtepe and Sahin Albayrak},
title = {Framework for Evaluating Collaborative Intrusion Detection Systems},
booktitle = {...},
year = {2011},
isbn = {...},
pages = {...},
location = {...},
doi = {...},
publisher = {...},
address = {...},
Dennis Grunewald, Joel Chinnow, Rainer Bye, Seyit Ahmet Camtepe, Sahin Albayrak
Workshop über IT-Sicherheit in kollaborativen und stark vernetzten Systemen (Workshop on IT Security in Collaborative and Highly Networked Systems), KSVS 2011; Berlin, Germany