Article code: 396723 | Journal code: 670558 | Year of publication: 2014 | English article: 21 pages, PDF | Full-text version: free download
English title of the ISI article
An event-based platform for collaborative threats detection and monitoring
Keywords
Collaborative information systems, information systems monitoring, event processing, security threats, fraud monitoring
Related subjects
Engineering and basic sciences; Computer engineering; Artificial intelligence
English abstract


• We discuss the Semantic Room (SR) abstraction, which enables the construction of collaborative platforms for data aggregation and correlation aimed at early detecting attacks and frauds.
• We describe an SR for detecting port scanning by presenting two different implementations: one uses a centralized CEP engine (Esper) while the other employs a distributed one (Storm).
• We propose an SR for the monitoring of financial frauds which correlates information coming from Italian banks and other financial institutions; this SR also provides privacy-preserving mechanisms.

Organizations must protect their information systems from a variety of threats. Usually they employ isolated defenses such as firewalls, intrusion detection and fraud monitoring systems, without cooperating with the external world. Organizations belonging to the same markets (e.g., financial organizations, telco providers) typically suffer from the same cyber crimes. Sharing and correlating information could help them detect those crimes early and mitigate the damage. The paper discusses the Semantic Room (SR) abstraction, which enables the development of collaborative event-based platforms, on top of the Internet, where data from different information systems are shared in a controlled manner and correlated to detect, and react in a timely way to, coordinated Internet-based security threats (e.g., port scans, botnets) and frauds. To show the flexibility of the abstraction, the paper proposes the design, implementation and validation of two SRs: an SR that detects inter-domain port scan attacks and an SR that enables online fraud monitoring over the Italian territory. In both cases, the SRs use real data traces to demonstrate the effectiveness of the proposed approach. In the first SR, high detection accuracy and small detection delays are achieved, whereas in the second, new fraud evidence and investigation instruments are provided to law enforcement agencies.
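The abstract's core claim is that a scan spread across several organizations stays below each member's local threshold and is only visible once events are correlated in one place. The following Python sketch, added here as an illustration and not the paper's Esper- or Storm-based SR code, shows that effect with a sliding-window correlator over connection attempts published by three constructed members. The window (120 s), threshold (8 distinct targets), member names, per-member keys and the HMAC-SHA256 pseudonymisation of internal destination addresses are assumptions standing in for the paper's "controlled manner" of sharing; the sample flows use RFC 5737 documentation addresses and are constructed for this example.

```python
"""Toy inter-domain port-scan correlator (added illustration, not the paper's code)."""
import hashlib
import hmac
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanEvent:
    """One connection attempt as published into the shared room.
    dst_host is a keyed pseudonym, so the correlator never sees a member's real address."""
    ts: float
    org: str
    src_ip: str
    dst_host: str
    dst_port: int


def pseudonymise(secret: bytes, value: str) -> str:
    """HMAC-SHA256 pseudonym: stable under one member's key, unlinkable without it.
    (Assumed privacy mechanism for this example; the paper's own differs.)"""
    return hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()[:16]


def publish(org: str, secret: bytes, raw_flows):
    """Member-side step: pseudonymise internal destination addresses before sharing."""
    return [ScanEvent(ts, org, src, pseudonymise(secret, dst), port)
            for ts, src, dst, port in raw_flows]


class PortScanCorrelator:
    """Sliding-window correlation: alert when one source touches >= threshold distinct
    (org, host, port) targets within window_s seconds, counted across all members."""

    def __init__(self, window_s: float, threshold: int):
        self.window_s = window_s
        self.threshold = threshold
        self._hits = defaultdict(deque)  # src_ip -> deque[(ts, target)]
        self._alerted = set()
        self.alerts = []

    def process(self, ev: ScanEvent):
        q = self._hits[ev.src_ip]
        q.append((ev.ts, (ev.org, ev.dst_host, ev.dst_port)))
        while q and ev.ts - q[0][0] > self.window_s:  # expire hits outside the window
            q.popleft()
        targets = {t for _, t in q}
        if len(targets) >= self.threshold and ev.src_ip not in self._alerted:
            self._alerted.add(ev.src_ip)  # one alert per source
            self.alerts.append({"src_ip": ev.src_ip, "targets": len(targets),
                                "orgs": sorted({o for o, _, _ in targets}), "ts": ev.ts})

    def run(self, events):
        for ev in sorted(events, key=lambda e: e.ts):  # events from members arrive unordered
            self.process(ev)
        return self.alerts


# Constructed sample (assumed data): the scanner probes only 3 targets per member,
# which is below any reasonable local threshold; a benign client hits one service twice.
SECRETS = {"bank_a": b"key-a", "bank_b": b"key-b", "telco_c": b"key-c"}
RAW_FLOWS = {
    "bank_a": [(0, "198.51.100.7", "10.1.0.5", 22), (5, "198.51.100.7", "10.1.0.5", 80),
               (10, "198.51.100.7", "10.1.0.6", 443),
               (12, "203.0.113.5", "10.1.0.9", 443), (40, "203.0.113.5", "10.1.0.9", 443)],
    "bank_b": [(20, "198.51.100.7", "10.2.0.5", 22), (25, "198.51.100.7", "10.2.0.5", 3389),
               (30, "198.51.100.7", "10.2.0.7", 8080)],
    "telco_c": [(45, "198.51.100.7", "10.3.0.1", 22), (50, "198.51.100.7", "10.3.0.2", 161),
                (55, "198.51.100.7", "10.3.0.3", 23)],
}
SHARED = [ev for org, flows in RAW_FLOWS.items() for ev in publish(org, SECRETS[org], flows)]


def detect(events, window_s=120.0, threshold=8):
    """Collaborative view: correlate everything the members published."""
    return PortScanCorrelator(window_s, threshold).run(events)


def isolated_alerts(events, **kw):
    """Isolated view: each member correlates only its own events."""
    return {org: detect([e for e in events if e.org == org], **kw) for org in RAW_FLOWS}


if __name__ == "__main__":
    print("isolated:", isolated_alerts(SHARED))      # every member: []
    print("collaborative:", detect(SHARED))          # one alert for 198.51.100.7
```

Running it, no member raises an alert on its own data, while the shared view alerts on 198.51.100.7 at t=50 s after its eighth distinct target, naming all three members as affected; because each member pseudonymises its hosts with its own key, the correlator can still tell "same host, different port" apart without learning the real internal addresses.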

Publisher
Database: Elsevier - ScienceDirect
Journal: Information Systems - Volume 39, January 2014, Pages 175–195