How to exchange security events? Overview and evaluation of formats and protocols

Jessica Steinberger, Anna Sperotto, Mario Golling, Harald Baier

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    22 Citations (Scopus)
    216 Downloads (Pure)

    Abstract

    Network-based attacks pose a strong threat to the Internet landscape. %As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.
    Original languageUndefined
    Title of host publicationIFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
    Place of PublicationUSA
    PublisherIEEE Computer Society
    Pages261-269
    Number of pages9
    ISBN (Print)978-3-901882-76-0
    DOIs
    Publication statusPublished - 13 May 2015
    EventIFIP/IEEE International Symposium on Integrated Network Management 2015: Integrated Management in the Age of Big Data - Ottawa, Canada
    Duration: 11 May 201515 May 2015
    http://im2015.ieee-im.org/

    Publication series

    Name
    PublisherIEEE Computer Society

    Conference

    ConferenceIFIP/IEEE International Symposium on Integrated Network Management 2015
    Abbreviated titleIM 2015
    CountryCanada
    CityOttawa
    Period11/05/1515/05/15
    Internet address

    Keywords

    • EWI-25480
    • METIS-312463
    • IR-96794

    Cite this

    Steinberger, J., Sperotto, A., Golling, M., & Baier, H. (2015). How to exchange security events? Overview and evaluation of formats and protocols. In IFIP/IEEE International Symposium on Integrated Network Management (IM 2015) (pp. 261-269). USA: IEEE Computer Society. https://doi.org/10.1109/INM.2015.7140300
    Steinberger, Jessica ; Sperotto, Anna ; Golling, Mario ; Baier, Harald. / How to exchange security events? Overview and evaluation of formats and protocols. IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). USA : IEEE Computer Society, 2015. pp. 261-269
    @inproceedings{8a3531b6144143debff2d9ab3556d6e7,
    title = "How to exchange security events? Overview and evaluation of formats and protocols",
    abstract = "Network-based attacks pose a strong threat to the Internet landscape. {\%}As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.",
    keywords = "EWI-25480, METIS-312463, IR-96794",
    author = "Jessica Steinberger and Anna Sperotto and Mario Golling and Harald Baier",
    note = "10.1109/INM.2015.7140300",
    year = "2015",
    month = "5",
    day = "13",
    doi = "10.1109/INM.2015.7140300",
    language = "Undefined",
    isbn = "978-3-901882-76-0",
    publisher = "IEEE Computer Society",
    pages = "261--269",
    booktitle = "IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)",
    address = "United States",

    }

    Steinberger, J, Sperotto, A, Golling, M & Baier, H 2015, How to exchange security events? Overview and evaluation of formats and protocols. in IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). IEEE Computer Society, USA, pp. 261-269, IFIP/IEEE International Symposium on Integrated Network Management 2015, Ottawa, Canada, 11/05/15. https://doi.org/10.1109/INM.2015.7140300

    How to exchange security events? Overview and evaluation of formats and protocols. / Steinberger, Jessica; Sperotto, Anna; Golling, Mario; Baier, Harald.

    IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). USA : IEEE Computer Society, 2015. p. 261-269.

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - How to exchange security events? Overview and evaluation of formats and protocols

    AU - Steinberger, Jessica

    AU - Sperotto, Anna

    AU - Golling, Mario

    AU - Baier, Harald

    N1 - 10.1109/INM.2015.7140300

    PY - 2015/5/13

    Y1 - 2015/5/13

    N2 - Network-based attacks pose a strong threat to the Internet landscape. %As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.

    AB - Network-based attacks pose a strong threat to the Internet landscape. %As of today network flow-based information is used as data source for detecting anomalous network traffic because flow data yields an aggregated view on the network and protects the users' privacy. Recent approaches to mitigate and resolve these threats focus on cooperation of Internet service providers and their exchange of security event information. A major benefit of a cooperation is that it might counteract a network-based attack at its root and provides the possibility to inform other cooperative partners about the occurrence of anomalous events as a proactive service. In this paper we provide a structured overview of existing exchange formats and protocols. We evaluate and compare the exchange formats and protocols in context of high-speed networks. In particular, we focuses on flow data. In addition, we investigate the exchange of potentially sensitive data. For our overview, we review different exchange formats and protocols with respect to their use-case scenario, their interoperability with network flow-based data, their scalability in a high-speed network context and develop a classification.

    KW - EWI-25480

    KW - METIS-312463

    KW - IR-96794

    U2 - 10.1109/INM.2015.7140300

    DO - 10.1109/INM.2015.7140300

    M3 - Conference contribution

    SN - 978-3-901882-76-0

    SP - 261

    EP - 269

    BT - IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)

    PB - IEEE Computer Society

    CY - USA

    ER -

    Steinberger J, Sperotto A, Golling M, Baier H. How to exchange security events? Overview and evaluation of formats and protocols. In IFIP/IEEE International Symposium on Integrated Network Management (IM 2015). USA: IEEE Computer Society. 2015. p. 261-269 https://doi.org/10.1109/INM.2015.7140300