Teamworking for Security: The Collaborative Approach
Abstract
Collaborative methods are promising tools for solving complex security tasks. In this context, we present the security overlay framework CIMD (Collaborative Intrusion and Malware Detection), enabling participants to state objectives and interests for joint intrusion detection and find groups for the exchange of security-related data such as monitoring or detection results accordingly; to these groups we refer as detection groups. First, we present and discuss a tree-oriented taxonomy for the representation of nodes within the collaboration model. Second, we introduce and evaluate an algorithm for the formation of detection groups. After conducting a vulnerability analysis of the system, we demonstrate the validity of CIMD by examining two different scenarios inspired sociology where the collaboration is advantageous compared to the non-collaborative approach. We evaluate the benefit of CIMD by simulation in a novel packet-level simulation environment called NeSSi (Network Security Simulator) and give a probabilistic analysis for the scenarios.