Agilis: An Internet-Scale Distributed Event Processing System for Collaborative Detection of Cyber Attacks

Authors

  • Leonardo Aniello
  • Roberto Baldoni
  • Gregory Chockler
  • Gennady Laventman
  • Giorgia Lodi
  • Ymir Vigfusson

Abstract

As cyber attacks become increasingly distributed and sophisticated, so must our defenses. Collaborative processing of data produced by independent sources is advantageous for early and accurate detection of Internet-based threats, and instrumental for identifying complex attack patterns that target multiple administratively and geographically disjoint entities. In this paper, we introduce Agilis – a lightweight collaborative event processing platform for sharing and correlating event data generated in real time by multiple widely distributed sources. The primary goal of the Agilis design is to strike a balance between simplicity of use, robustness and scalability on one hand, and reasonable performance in large-scale settings on the other. To this end, Agilis is built upon the open-source Hadoop MapReduce infrastructure, which we augmented with a RAM-based data store and various locality-oriented optimizations to improve responsiveness and reduce overheads. The processing logic is specified in a flexible high-level language, called Jaql, which supports data flows and SQL-like query constructs. We demonstrate the utility of the Agilis framework by showing how it facilitates the collaborative detection of two different exploits: stealthy inter-domain port scans used by hackers for reconnaissance, and a botnet-driven HTTP session hijacking attack. We evaluate the performance of Agilis in both scenarios, and, in the case of inter-domain port scans, compare it to a centralized high-end event processing system called ESPER. Our results show that while Agilis is slower than ESPER in a local area network, its relative performance improves substantially as we move towards larger-scale distributed deployments.


Related papers

A Collaborative Event Processing System for Protection of Critical Infrastructures from Cyber Attacks

We describe an Internet-based collaborative environment that protects geographically dispersed organizations of a critical infrastructure (e.g., financial institutions, telco providers) from coordinated cyber attacks. A specific instance of a collaborative environment for detecting malicious inter-domain port scans is introduced. This instance uses the open source Complex Event Processing (CEP)...


Avoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots

Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. The DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services offered to the public network are provided in this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...

Collaborative IDS Framework for Cloud

Cloud computing is used extensively to deliver utility computing over the Internet. Defending network accessible Cloud resources and services from various threats and attacks is of great concern. Intrusion Detection System (IDS) has become popular as an important network security technology to detect cyber-attacks. In this paper, we propose a novel Collaborative IDS (CIDS) Framework for cloud. ...


DisTriB: Distributed Trust Management Model Based on Gossip Learning and Bayesian Networks in Collaborative Computing Systems

The interactions among peers in Peer-to-Peer systems, as a distributed collaborative system, are based on asynchronous and unreliable communications. Trust is an essential and facilitating component in these interactions, especially in such uncertain environments. Various attacks are possible due to the large-scale nature and openness of these systems, which affect the trust. Peers has not enough inform...

Journal title:

Volume   Issue 

Pages  -

Publication date 2012