基于P2P的入侵警报发布/订阅系统

针对集中式发布/订阅系统不可扩展性的问题,本文提出一种构建于结构化P2P网络的入侵警报发布/订阅系统,节点之间通过发布/订阅机制分享入侵情报信息,以形成对于当前网络威胁的全局观点;提出了一种多属性的警报关联方案,从初级入侵警报中提取重要的入侵模式;在Pastry上实现了一个原型系统,通过Witty蠕虫数据集对系统进行仿真评估。实验结果表明,该方案具有良好的负载均衡特性。

A P2P-based Intrusion Alert Subscribe/Publish System

For the poor scalability of the centralized architecture, we propose an intrusion alert subscribe/publish system over the structured P2P network, which enables all the participating intrusion detection systems to share suspicious intelligence with each other to form a global view of the current security threats. An alert-correlation scheme based on multiple features is proposed to extract the significant intrusion patterns from raw intrusion alerts. We implement a prototype based on Pastry, and evaluate it with Witty Worm datasets. The experimental results show good load balancing of the scheme.