
Taxonomy and Survey of Collaborative Intrusion Detection

Published: 11 May 2015

Abstract

The dependency of our society on networked computers has become frightening: In the economy, all-digital networks have turned from facilitators to drivers; as cyber-physical systems are coming of age, computer networks are now becoming the central nervous systems of our physical world—even of highly critical infrastructures such as the power grid. At the same time, the 24/7 availability and correct functioning of networked computers has become much more threatened: The number of sophisticated and highly tailored attacks on IT systems has significantly increased. Intrusion Detection Systems (IDSs) are a key component of the corresponding defense measures; they have been extensively studied and utilized in the past. Since conventional IDSs are not scalable to big company networks and beyond, nor to massively parallel attacks, Collaborative IDSs (CIDSs) have emerged. They consist of several monitoring components that collect and exchange data. Depending on the specific CIDS architecture, central or distributed analysis components mine the gathered data to identify attacks. Resulting alerts are correlated among multiple monitors in order to create a holistic view of the network monitored. This article first determines relevant requirements for CIDSs; it then differentiates distinct building blocks as a basis for introducing a CIDS design space and for discussing it with respect to requirements. Based on this design space, attacks that evade CIDSs and attacks on the availability of the CIDSs themselves are discussed. The entire framework of requirements, building blocks, and attacks as introduced is then used for a comprehensive analysis of the state of the art in collaborative intrusion detection, including a detailed survey and comparison of specific CIDS approaches.
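The abstract's core argument is that a single IDS sees only its own segment, so an attack spread thinly across many segments stays under every local threshold, whereas correlating the monitors' alerts on a shared key recovers the whole picture. The following is an added illustration of that point, not code from the survey or from any of the systems it covers: the alert record, the monitor names, the IP addresses and the threshold values are all assumptions chosen for the example, and the alert stream is constructed inline.

```python
"""Added example: per-monitor detection versus cross-monitor alert correlation.

Assumptions (illustrative, not taken from the survey): an alert is a small
record with a monitor name, source/destination address, port and timestamp;
every monitor applies the same probe-count threshold; the correlator keys
only on the source address.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    monitor: str   # hypothetical monitor name, e.g. "mon-0"
    src: str       # address the probe came from
    dst: str       # address the monitor saw being probed
    dport: int
    ts: float      # seconds


LOCAL_THRESHOLD = 10    # probes one monitor must see from a source to alarm
GLOBAL_THRESHOLD = 10   # same bar, but counted across every monitor
WINDOW = 60.0           # seconds


def count_in_window(stamps, window):
    """Largest number of timestamps falling inside any interval of `window` seconds."""
    stamps = sorted(stamps)
    best, j = 0, 0
    for i, t in enumerate(stamps):
        while stamps[j] < t - window:
            j += 1
        best = max(best, i - j + 1)
    return best


def local_detection(alerts, threshold=LOCAL_THRESHOLD, window=WINDOW):
    """What a conventional, non-collaborating IDS decides: each monitor
    counts only the probes on its own segment.  Returns the set of
    (monitor, src) pairs that crossed the threshold."""
    per_monitor = defaultdict(list)
    for a in alerts:
        per_monitor[(a.monitor, a.src)].append(a.ts)
    return {key for key, stamps in per_monitor.items()
            if count_in_window(stamps, window) >= threshold}


def collaborative_detection(alerts, threshold=GLOBAL_THRESHOLD, window=WINDOW):
    """The CIDS view: alerts from all monitors are merged and correlated on
    the source address alone, so a scan spread over many segments is summed.
    Returns {src: {"probes": n, "monitors": [...], "targets": [...]}}."""
    per_src = defaultdict(list)
    for a in alerts:
        per_src[a.src].append(a)
    found = {}
    for src, items in per_src.items():
        n = count_in_window([a.ts for a in items], window)
        if n >= threshold:
            found[src] = {
                "probes": n,
                "monitors": sorted({a.monitor for a in items}),
                "targets": sorted({a.dst for a in items}),
            }
    return found


def sample_alerts():
    """Constructed input: one attacker probes three hosts on each of four
    monitored segments (12 probes, 3 per monitor), plus benign repeated SSH
    logins by an admin on a single segment."""
    alerts, t = [], 0.0
    for seg in range(4):
        for h in range(3):
            alerts.append(Alert(f"mon-{seg}", "203.0.113.7",
                                f"10.{seg}.0.{h + 1}", 22, t))
            t += 2.0
    for k in range(5):
        alerts.append(Alert("mon-0", "10.0.0.50", "10.0.0.1", 22, 100.0 + k))
    return alerts


if __name__ == "__main__":
    alerts = sample_alerts()
    print("local view flags:", local_detection(alerts) or "nothing")
    for src, info in collaborative_detection(alerts).items():
        print(f"collaborative view: {src} probed {info['probes']} hosts "
              f"across monitors {info['monitors']}")
```

With the constructed stream no monitor ever sees more than three probes from the scanner, so `local_detection` returns nothing, while `collaborative_detection` attributes twelve probes across four monitors to the single source and leaves the admin's repeated logins alone. The same correlation point is also the natural target of the availability attacks the abstract mentions: a monitor that floods the correlator with bogus alerts both inflates these counts and consumes the correlator's capacity, which is why a deployed CIDS needs per-monitor rate limits or some weighting of what each monitor reports rather than the flat sum shown here.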


      • Published in

        ACM Computing Surveys, Volume 47, Issue 4
        July 2015
        573 pages
        ISSN: 0360-0300
        EISSN: 1557-7341
        DOI: 10.1145/2775083
        • Editor: Sartaj Sahni

        Copyright © 2015 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 11 May 2015
        • Accepted: 1 January 2015
        • Revised: 1 November 2014
        • Received: 1 February 2014


        Qualifiers

        • survey
        • Research
        • Refereed
