Abstract

Network defence is an elusive art. The arsenal to defend our devices and networks from attack is constantly lagging behind the latest methods used by attackers to break into them. To counteract this trend, we developed a distributed approach comprised of collaborative end-host detectors. Simulations reveal dramatic improvements over stand-alone detectors in accuracy (fewer false alarms) and in quality (the ability to capture otherwise undetected stealthy anomalies). Although these results derive from botnet detection in enterprise networks, they have broader applicability to the self-manageability of pervasive computing devices. To test this claim, Intel Corporation partnered with British Telecommunications plc to launch a trial deployment. In this paper, we report on architectural insights and validation methodologies gleaned from the development of a testbed infrastructure and phased experiments. Finally, we propose Collaborative Defence as a blueprint for emergent collaborative systems and its measurement-everywhere approach as the adaptive underpinnings needed for pervasive services.
