Cooperative forensics sharing

Fareed Zaffar, Gershon Kedem
2006 Proceedings of the 1st international conference on Bio inspired models of network, information and computing systems - BIONETICS '06  
Having timely and credible security information is becoming critical to network and security management. Most current sources of threat information and detection techniques suffer from having a limited view of the global threat scenario. In this paper, we present Foresight, an internet scale threat analysis, indication, early warning and response architecture. We describe the design of an incentive-based cooperation scheme to create a global trusted community which is more accountable and hence less vulnerable to attacks and abuse. Foresight utilizes this infrastructure to share a global threat view in order to detect unknown threats and isolate them. We describe a novel behavioral signature scheme to extract a generalized footprint for multi-modal threats. System performance analysis through trace-based simulations shows significant benefits for sharing forensics across cooperating domains.
doi:10.1145/1315843.1315875 dblp:conf/bionetics/ZaffarK06 fatcat:gqgljqdpkzbpdfnkmambbni4uy