MAD: A middleware framework for multi-step attack detection

Panagiotis Papadopoulos, Thanasis Petsas, Giorgos Christou, Giorgos Vasiliadis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Signature-based network intrusion detection systems (NIDS) are one of the most popular tools used to detect and stop malicious attacks or unwanted actions. However, as network attacks become more sophisticated and diversified, the accuracy of signature-based NIDS that rely only on live network traffic decreases significantly. Recent research efforts have proposed to archive the raw contents of the network traffic stream to disk, in order to enable later inspection of activity that becomes interesting only in retrospect. Unfortunately, ever-increasing network traffic and link capacity make the collection and archiving of multi-gigabit network streams very challenging. In this paper, we review different mechanisms and techniques to efficiently store the captured network traffic to disk. We also propose an architecture that integrates all these mechanisms into a single middleware platform, to be used by network monitoring applications in order to enhance their functionality. Our approach will offer the ability to analyze and correlate multiple security activities, as well as, in terms of forensic analysis, to perform post-mortem incident analysis in order to assess the damage caused.

Original language: English
Title of host publication: Proceedings - 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 8-15
Number of pages: 8
ISBN (Electronic): 9781467389440
DOIs: 10.1109/BADGERS.2015.9
Publication status: Published - 6 Jan 2017
Externally published: Yes
Event: 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2015 - Kyoto, Japan
Duration: 5 Nov 2015 → …

Other

Other: 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2015
Country: Japan
City: Kyoto
Period: 5/11/15 → …

Fingerprint

Intrusion detection
Middleware
Inspection
Monitoring

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Papadopoulos, P., Petsas, T., Christou, G., & Vasiliadis, G. (2017). MAD: A middleware framework for multi-step attack detection. In Proceedings - 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2015 (pp. 8-15). [7809529] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BADGERS.2015.9

@inproceedings{408c585012e14880994e7616c1abe3a6,
title = "MAD: A middleware framework for multi-step attack detection",
abstract = "Signature-based network intrusion detection systems (NIDS) are one of the most popular tools used to detect and stop malicious attacks or unwanted actions. However, as network attacks become more sophisticated and diversified, the accuracy of signature-based NIDS that rely only on live network traffic decreases significantly. Recent research efforts have proposed to archive the raw contents of the network traffic stream to disk, in order to enable later inspection of activity that becomes interesting only in retrospect. Unfortunately, ever-increasing network traffic and link capacity make the collection and archiving of multi-gigabit network streams very challenging. In this paper, we review different mechanisms and techniques to efficiently store the captured network traffic to disk. We also propose an architecture that integrates all these mechanisms into a single middleware platform, to be used by network monitoring applications in order to enhance their functionality. Our approach will offer the ability to analyze and correlate multiple security activities, as well as, in terms of forensic analysis, to perform post-mortem incident analysis in order to assess the damage caused.",
author = "Panagiotis Papadopoulos and Thanasis Petsas and Giorgos Christou and Giorgos Vasiliadis",
year = "2017",
month = "1",
day = "6",
doi = "10.1109/BADGERS.2015.9",
language = "English",
pages = "8--15",
booktitle = "Proceedings - 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
}

TY  - GEN
T1  - MAD
T2  - A middleware framework for multi-step attack detection
AU  - Papadopoulos, Panagiotis
AU  - Petsas, Thanasis
AU  - Christou, Giorgos
AU  - Vasiliadis, Giorgos
PY  - 2017/1/6
Y1  - 2017/1/6
N2  - Signature-based network intrusion detection systems (NIDS) are one of the most popular tools used to detect and stop malicious attacks or unwanted actions. However, as network attacks become more sophisticated and diversified, the accuracy of signature-based NIDS that rely only on live network traffic decreases significantly. Recent research efforts have proposed to archive the raw contents of the network traffic stream to disk, in order to enable later inspection of activity that becomes interesting only in retrospect. Unfortunately, ever-increasing network traffic and link capacity make the collection and archiving of multi-gigabit network streams very challenging. In this paper, we review different mechanisms and techniques to efficiently store the captured network traffic to disk. We also propose an architecture that integrates all these mechanisms into a single middleware platform, to be used by network monitoring applications in order to enhance their functionality. Our approach will offer the ability to analyze and correlate multiple security activities, as well as, in terms of forensic analysis, to perform post-mortem incident analysis in order to assess the damage caused.
AB  - Signature-based network intrusion detection systems (NIDS) are one of the most popular tools used to detect and stop malicious attacks or unwanted actions. However, as network attacks become more sophisticated and diversified, the accuracy of signature-based NIDS that rely only on live network traffic decreases significantly. Recent research efforts have proposed to archive the raw contents of the network traffic stream to disk, in order to enable later inspection of activity that becomes interesting only in retrospect. Unfortunately, ever-increasing network traffic and link capacity make the collection and archiving of multi-gigabit network streams very challenging. In this paper, we review different mechanisms and techniques to efficiently store the captured network traffic to disk. We also propose an architecture that integrates all these mechanisms into a single middleware platform, to be used by network monitoring applications in order to enhance their functionality. Our approach will offer the ability to analyze and correlate multiple security activities, as well as, in terms of forensic analysis, to perform post-mortem incident analysis in order to assess the damage caused.
UR  - http://www.scopus.com/inward/record.url?scp=85013130564&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=85013130564&partnerID=8YFLogxK
U2  - 10.1109/BADGERS.2015.9
DO  - 10.1109/BADGERS.2015.9
M3  - Conference contribution
AN  - SCOPUS:85013130564
SP  - 8
EP  - 15
BT  - Proceedings - 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2015
PB  - Institute of Electrical and Electronics Engineers Inc.
ER  - 