Abstract
Cyber-attacks have become more threatening as Internet evolves, particularly for Internet Service Providers (ISPs) that play a rule of carrying them to their subscribers. In order to protect themselves and their subscribers, ISPs invest in typical protection systems like IDS, IPS, or Firewalls, that are designed for perimeter-based operation. Even though these expensive systems are efficient to protect confined environments, they do not allow ISPs to anticipate cyber-attacks. At most, ISPs might only react to them as soon as possible to maintain network services for legitimate traffic. Based on what prior DIDS approaches have lacked, our approach relies on BGP protocol to interconnect distributed intrusion detection elements, each of which cooperating by sending information about a potential threatening flow that traverses its Autonomous System (AS). We present the architecture of our approach as well as the analytic model based on Dempster-Shafer's combination rule. The results show significant improvement in terms of reliability of the combined information, that enables better countermeasures decisions.
| Original language | English |
|---|---|
| Title of host publication | 2017 1st Cyber Security in Networking Conference (CSNet) |
| Pages | 1-8 |
| Number of pages | 8 |
| DOIs | |
| Publication status | Published - 1 Jan 2018 |
Keywords
- Internet
- security of data
- telecommunication security
- telecommunication traffic
- Autonomous System
- DIDS approaches
- Dempster-Shafer's combination rule
- ISPs
- cyber-attacks
- distributed intrusion detection elements
- expensive systems
- global intrusion detection system
- internet service providers
- network services
- potential threatening flow
- subscribers
- typical protection systems
- Autonomous systems
- IP networks
- Intrusion detection
- Monitoring
- Protocols