A cooperative approach for a global intrusion detection system for internet service providers

摘要

Cyber-attacks have become more threatening as Internet evolves, particularly for Internet Service Providers (ISPs) that play a rule of carrying them to their subscribers. In order to protect themselves and their subscribers, ISPs invest in typical protection systems like IDS, IPS, or Firewalls, that are designed for perimeter-based operation. Even though these expensive systems are efficient to protect confined environments, they do not allow ISPs to anticipate cyber-attacks. At most, ISPs might only react to them as soon as possible to maintain network services for legitimate traffic. Based on what prior DIDS approaches have lacked, our approach relies on BGP protocol to interconnect distributed intrusion detection elements, each of which cooperating by sending information about a potential threatening flow that traverses its Autonomous System (AS). We present the architecture of our approach as well as the analytic model based on Dempster-Shafer's combination rule. The results show significant improvement in terms of reliability of the combined information, that enables better countermeasures decisions.