1st International ICST Conference on Bio Inspired Models of Network, Information and Computing Systems

Research Article

Cooperative forensics sharing

  • @INPROCEEDINGS{10.1145/1315843.1315875,
        author={Fareed Zaffar and Gershon Kedem},
        title={Cooperative forensics sharing},
        proceedings={1st International ICST Conference on Bio Inspired Models of Network, Information and Computing Systems},
        publisher={ACM},
        proceedings_a={BIONETICS},
        year={2006},
        month={12},
        keywords={},
        doi={10.1145/1315843.1315875}
    }
    
  • Fareed Zaffar, Gershon Kedem. Cooperative forensics sharing. BIONETICS, ACM, 2006. DOI: 10.1145/1315843.1315875
Fareed Zaffar (1,*), Gershon Kedem (1,*)
  • 1: Department of Computer Science, Duke University, Box 90129, Durham NC 27708
  • *: Contact email: fareed@cs.duke.edu, kedem@cs.duke.edu

Abstract

Having timely and credible security information is becoming critical to network and security management. Most current sources of threat information and detection techniques suffer from a limited view of the global threat scenario. In this paper, we present Foresight, an internet-scale threat analysis, indication, early warning and response architecture. We describe the design of an incentive-based cooperation scheme to create a global trusted community that is more accountable and hence less vulnerable to attacks and abuse. Foresight uses this infrastructure to share a global threat view in order to detect unknown threats and isolate them. We describe a novel behavioral signature scheme that extracts a generalized footprint for multi-modal threats. System performance analysis through trace-based simulations shows significant benefits from sharing forensics across cooperating domains.