A survey of coordinated attacks and collaborative intrusion detection

Bibliographic Details
Published in: Computers & security, Vol. 29, no. 1, pp. 124-140
Main Authors: Zhou, Chenfeng Vincent; Leckie, Christopher; Karunasekera, Shanika
Format: Journal Article
Language: English
Published: Amsterdam, Elsevier Ltd, 01.02.2010; Elsevier Sequoia S.A
Summary: Coordinated attacks, such as large-scale stealthy scans, worm outbreaks and distributed denial-of-service (DDoS) attacks, occur in multiple networks simultaneously. Such attacks are extremely difficult to detect using isolated intrusion detection systems (IDSs) that monitor only a limited portion of the Internet. In this paper, we summarize the current research directions in detecting such attacks using collaborative intrusion detection systems (CIDSs). In particular, we highlight two main challenges in CIDS research: CIDS architectures and alert correlation algorithms. We review the current CIDS approaches in terms of these two challenges. We conclude by highlighting opportunities for an integrated solution to large-scale collaborative intrusion detection.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2009.06.008