How to exchange security events? Overview and evaluation of formats and protocols

Jessica Steinberger; Anna Sperotto; Mario Golling; Harald Baier

doi:10.1109/INM.2015.7140300

How to exchange security events? Overview and evaluation of formats and protocols

Jessica Steinberger, Anna Sperotto, Mario Golling, Harald Baier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

37 Citations (Scopus)

373 Downloads (Pure)

Abstract

Network-based attacks pose a strong threat to the Internet landscape. %As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.

Original language	Undefined
Title of host publication	IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
Place of Publication	USA
Publisher	IEEE Computer Society
Pages	261-269
Number of pages	9
ISBN (Print)	978-3-901882-76-0
DOIs	https://doi.org/10.1109/INM.2015.7140300
Publication status	Published - 13 May 2015
Event	14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015: Integrated Management in the Age of Big Data - Shaw Centre, Ottawa, Canada Duration: 11 May 2015 → 15 May 2015 Conference number: 14 http://im2015.ieee-im.org/

Publication series

Name
Publisher	IEEE Computer Society

Conference

Conference	14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
Abbreviated title	IM 2015
Country/Territory	Canada
City	Ottawa
Period	11/05/15 → 15/05/15
Internet address	http://im2015.ieee-im.org/

Keywords

EWI-25480
METIS-312463
IR-96794

Access to Document

10.1109/INM.2015.7140300

IM2015

37 Citations
1 PhD Thesis - Research UT, graduation UT

Distributed DDoS Defense - A collaborative Approach at Internet Scale
Steinberger, J., 19 Sep 2018, University of Twente. 209 p.
Research output: Thesis › PhD Thesis - Research UT, graduation UT

Open Access
File

2213 Downloads (Pure)

Cite this

@inproceedings{8a3531b6144143debff2d9ab3556d6e7,

title = "How to exchange security events? Overview and evaluation of formats and protocols",

abstract = "Network-based attacks pose a strong threat to the Internet landscape. %As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.",

keywords = "EWI-25480, METIS-312463, IR-96794",

author = "Jessica Steinberger and Anna Sperotto and Mario Golling and Harald Baier",

note = "10.1109/INM.2015.7140300 ; null ; Conference date: 11-05-2015 Through 15-05-2015",

year = "2015",

month = may,

day = "13",

doi = "10.1109/INM.2015.7140300",

language = "Undefined",

isbn = "978-3-901882-76-0",

publisher = "IEEE Computer Society",

pages = "261--269",

booktitle = "IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)",

address = "United States",

url = "http://im2015.ieee-im.org/",

}

Steinberger, J, Sperotto, A, Golling, M & Baier, H 2015, How to exchange security events? Overview and evaluation of formats and protocols. in IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). IEEE Computer Society, USA, pp. 261-269, 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, Ontario, Canada, 11/05/15. https://doi.org/10.1109/INM.2015.7140300

How to exchange security events? Overview and evaluation of formats and protocols. / Steinberger, Jessica; Sperotto, Anna; Golling, Mario et al.

IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). USA : IEEE Computer Society, 2015. p. 261-269.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - How to exchange security events? Overview and evaluation of formats and protocols

AU - Steinberger, Jessica

AU - Sperotto, Anna

AU - Golling, Mario

AU - Baier, Harald

N1 - Conference code: 14

PY - 2015/5/13

Y1 - 2015/5/13

N2 - Network-based attacks pose a strong threat to the Internet landscape. %As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.

AB - Network-based attacks pose a strong threat to the Internet landscape. %As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.

KW - EWI-25480

KW - METIS-312463

KW - IR-96794

U2 - 10.1109/INM.2015.7140300

DO - 10.1109/INM.2015.7140300

M3 - Conference contribution

SN - 978-3-901882-76-0

SP - 261

EP - 269

BT - IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)

PB - IEEE Computer Society

CY - USA

Y2 - 11 May 2015 through 15 May 2015

ER -

How to exchange security events? Overview and evaluation of formats and protocols

Abstract

Publication series

Conference

Keywords

Access to Document

Research output

Distributed DDoS Defense - A collaborative Approach at Internet Scale

Cite this