Preventing Coordinated Attacks Via Distributed Alert Exchange

Cryptography and Security; Networking and Internet Architecture | 2008-02-27 | v1

Abstract

Attacks on information systems followed by intrusions may cause large revenue losses. The prevention of both is not always possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to recognize and react to the different actions of such an attack. The design and deployment of a decentralized system targeted at detecting as well as reacting to information system attacks might benefit from the loose coupling realized by publish/subscribe middleware. In this paper, we present the advantages and convenience in using this communication paradigm for a general decentralized attack prevention framework. Furthermore, we present the design and implementation of our approach based on existing publish/subscribe middleware and evaluate our approach for GNU/Linux systems.

Cite

@article{arxiv.0802.3718,
  title  = {Preventing Coordinated Attacks Via Distributed Alert Exchange},
  author = {Joaquin Garcia-Alfaro and Michael A. Jaeger and Gero Muehl and Joan Borrell},
  journal= {arXiv preprint arXiv:0802.3718},
  year   = {2008}
}

Comments

19 pages, proposal reviewed
