Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation

Joaquin Garcia, Fabien Autrel, Joan Borrell, Sergio Castillo, Frederic Cuppens, Guillermo Navarro

    Research output: Contribution to journal, Article, Research, peer-review

    15 Citations (Scopus)

    Abstract

    We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform coordinated attacks against third-party networks. By means of a cooperative scheme based on message passing, the different nodes of this system will collaborate to detect their participation in a coordinated attack and will react to avoid it. An overview of the implementation of this architecture for GNU/Linux systems will demonstrate the practicability of the system. © Springer-Verlag 2004.
    Original language: English
    Pages (from-to): 223-235
    Journal: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 3269
    Publication status: Published - 1 Dec 2004

    Keywords

    • Alert Correlation
    • Intrusion Detection
    • Publish-Subscribe Systems
