The University of Southampton
University of Southampton Institutional Repository

An event-based platform for collaborative threats detection and monitoring


Lodi, Giorgia, Aniello, Leonardo, Di Luna, Giuseppe A. and Baldoni, Roberto (2014) An event-based platform for collaborative threats detection and monitoring. Information Systems, 39, 175-195. (doi:10.1016/j.is.2013.07.005).

Record type: Article

Abstract

Organizations must protect their information systems from a variety of threats. Usually they employ isolated defenses such as firewalls, intrusion detection and fraud monitoring systems, without cooperating with the external world. Organizations belonging to the same markets (e.g., financial organizations, telco providers) typically suffer from the same cyber crimes. Sharing and correlating information could help them detect those crimes early and mitigate the damage.

The paper discusses the Semantic Room (SR) abstraction, which enables the development of collaborative event-based platforms, on top of the Internet, where data from different information systems are shared in a controlled manner and correlated to detect, and react in a timely way to, coordinated Internet-based security threats (e.g., port scans, botnets) and frauds. In order to show the flexibility of the abstraction, the paper proposes the design, implementation and validation of two SRs: an SR that detects inter-domain port scan attacks and an SR that enables online fraud monitoring over the Italian territory. In both cases, the SRs use real data traces to demonstrate the effectiveness of the proposed approach. In the first SR, high detection accuracy and small detection delays are achieved, whereas in the second, new fraud evidence and investigation instruments are provided to law enforcement agencies.

Full text: informationSystemAttackFraud_v1.4 - Accepted Manuscript (9MB)

More information

Accepted/In Press date: 31 July 2013
e-pub ahead of print date: 27 August 2013
Published date: January 2014

Identifiers

Local EPrints ID: 423353
URI: http://eprints.soton.ac.uk/id/eprint/423353
ISSN: 0306-4379
PURE UUID: 44c479f8-e1a3-49c1-bb7e-8f784761bfa2
ORCID for Leonardo Aniello: orcid.org/0000-0003-2886-8445

Catalogue record

Date deposited: 20 Sep 2018 16:30
Last modified: 16 Mar 2024 04:32

Contributors

Author: Giorgia Lodi
Author: Leonardo Aniello
Author: Giuseppe A. Di Luna
Author: Roberto Baldoni
