Communication Networks and Services Research, Annual Conference on (2008)
May 5, 2008 to May 8, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CNSR.2008.70
Attacks on and intrusions into information systems cause large revenue losses. The prevention of these attacks is not always possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to react against the different actions of such an attack. The design and deployment of a decentralized system targeted at detecting as well as reacting to information system attacks might benefit from the use of the publish/subscribe model. In this paper, we discuss the advantages and convenience of using this communication paradigm for a general decentralized attack prevention framework and give an overview of the design and implementation of our approach by using a combination of two different publish/subscribe middleware products. Furthermore, we present a quantitative evaluation of our approach.
Network Security, Attack Prevention System, Publish/Subscribe, Message Oriented Middleware, IDMEF
J. Borrell, I. Barrera, M. A. Jaeger, G. Mühl and J. Garcia-Alfaro, "Distributed Exchange of Alerts for the Detection of Coordinated Attacks," 2008 6th Annual Communication Networks and Services Research Conference (CNSR '08), Halifax, NS, 2008, pp. 96-103.