Abstract

We describe an approach to detecting coordinated attacks in tactical wireless networks in which distributed detectors cooperate to match signatures against audit events generated at different locations. Traditionally, the signature matching engine compares the signature with a single audit data stream to identify occurrences of the action sequence described in the signature. Such an approach introduces a single point of failure and consumes a great deal of bandwidth transferring audit data from the data sources to the matching engine. Our approach decomposes an extended infinite state machine, an operational representation of an attack signature, into multiple cooperative finite state machines that enable distributed signature engines to match the signature. We describe the decomposition methodology and the distributed matching algorithm and illustrate them using several example multi-stage attacks in tactical networks. In addition, we implemented an example distributed signature matching engine for detecting the example attacks in a simulation framework based on MASON. Our approach avoids a single point of failure and reduces bandwidth usage by communicating internal state information rather than audit events.
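As an added illustration of the decomposition the abstract describes (example code, not the paper's implementation or its MASON simulation), a constructed three-stage signature is split into per-node fragment matchers that consume only their local audit stream and forward a small state message, carrying the bound source variable, to the fragment for the next stage; the node names, event types, signature and audit events are all constructed.

```python
# Distributed signature matching with cooperating per-node FSM fragments.
# Constructed example; not the paper's code. Nodes, event types and events are made up.

# Signature S1 as an ordered list of (observing node, event type). Each stage
# must see the same "src" value that the previous stage bound (the EFSM variable
# carried in the state message instead of the raw audit events).
SIGNATURE = [("nodeA", "auth_fail"), ("nodeB", "route_adv"), ("nodeC", "exfil")]

EVENTS = [  # constructed audit events; each node only ever sees its own
    {"t": 1, "node": "nodeA", "type": "auth_fail", "src": "10.0.0.7"},
    {"t": 2, "node": "nodeB", "type": "route_adv", "src": "10.0.0.9"},  # no prior stage for .9
    {"t": 3, "node": "nodeB", "type": "route_adv", "src": "10.0.0.7"},
    {"t": 4, "node": "nodeC", "type": "exfil",     "src": "10.0.0.7"},
    {"t": 5, "node": "nodeC", "type": "exfil",     "src": "10.0.0.9"},  # no prior stage for .9
    {"t": 6, "node": "nodeA", "type": "login_ok",  "src": "10.0.0.7"},  # irrelevant to S1
]

class FragmentMatcher:
    """Local FSM for one stage of the signature, fed only by its own node's audit stream."""
    def __init__(self, stage, event_type, first):
        self.stage, self.event_type = stage, event_type
        self.active = None if first else set()   # src values enabled by the previous stage

    def receive_state(self, msg):
        """Accept a state message from the previous fragment (not an audit event)."""
        self.active.add(msg["src"])

    def on_event(self, ev):
        """Return a state message if this local event advances the signature, else None."""
        if ev["type"] != self.event_type:
            return None
        if self.active is not None:
            if ev["src"] not in self.active:
                return None
            self.active.discard(ev["src"])
        return {"sig": "S1", "stage": self.stage, "src": ev["src"]}

def run_distributed(events):
    """Return (alerts, state_messages_sent, audit_events_a_central_engine_would_need)."""
    matchers = {node: FragmentMatcher(i, etype, i == 0)
                for i, (node, etype) in enumerate(SIGNATURE)}
    alerts, state_msgs = [], 0
    for ev in sorted(events, key=lambda e: e["t"]):        # global time order for the demo
        msg = matchers[ev["node"]].on_event(ev) if ev["node"] in matchers else None
        if msg is None:
            continue
        if msg["stage"] == len(SIGNATURE) - 1:
            alerts.append(msg)                              # final stage: raise the alert
        else:
            state_msgs += 1                                 # only the bound state crosses the network
            matchers[SIGNATURE[msg["stage"] + 1][0]].receive_state(msg)
    return alerts, state_msgs, len(events)
```

Running `run_distributed(EVENTS)` yields one alert for source 10.0.0.7 after two state messages, whereas a central engine would have needed all six audit events shipped to it.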
