Collaborative Security

Contacts: Rainer Bye, Seyit Ahmet Camtepe

 

The research focus Collaborative Security aims to overcome centralized and isolated security mechanisms in favor of a distributed approach with the following characteristics: agents exchange their local views and knowledge, expose their abilities, and form groups to achieve defined goals. The benefits of collaborative solutions are a global view, compensation for the weaknesses of individual partners, and architectural benefits such as robustness and scalability. The application domains in computer and network security are manifold: Collaborative Intrusion Detection, Collaborative Policy Management, Collaborative Access Control, Collaborative Risk Assessment, etc.

The immediate challenges of collaborative approaches are the formation of groups, the design and execution of collaboration-enabled algorithms, and adaptation strategies in dynamic security environments. In addition, the protection of individual privacy, the complexity of an approach, and adequate trust management need to be considered. Trust management has itself become established as an independent research field, as it has high priority in the context of the Internet and global interaction with strangers.

An important research activity of the CC SEC is the development of a framework for the collaborative detection of intrusions and malicious programs: CIMD (Collaborative Intrusion & Malware Detection). CIMD defines the core components that a framework for Collaborative Intrusion Detection should consider and how they can be combined, and it provides algorithms for group formation and (anonymous) group communication. Another aspect is the implementation of case studies that address research problems in the intrusion detection domain with the help of the above-mentioned advantages of Collaborative Security, e.g. the reduction of false alarms in anomaly detection methods or the rapid deployment of signatures to prevent attacks and minimize the vulnerability interval.