Title: Collaborative defence as a pervasive service: architectural insights and validation methodologies of a trial deployment

Authors: Eve M. Schooler, Carl Livadas, Joohwan Kim, Prashant Gandhi, Pablo R. Passera, Jaideep Chandrashekar, Steve Orrin, Martin Koyabe, Fadi El-Moussa, Gogobada Daa Dabibi

Addresses: Intel Labs, Santa Clara, CA 95054, USA. ' Kayak, Sunnyvale, CA 94086, USA. ' Hitachi Global Storage Technologies, San Jose, California 95135, USA. ' Intel Labs, Santa Clara, CA 95054, USA. ' Intel Software & Services Group, Cordoba 5000, Argentina. ' Intel Labs, Berkeley, CA 94704, USA. ' Intel Software & Services Group, Santa Clara, CA 95054, USA. ' BT Innovate & Design, Ipswich IP5 3RE, UK. ' BT Innovate & Design, Ipswich IP5 3RE, UK. ' BT Innovate & Design, Ipswich IP5 3RE, UK

Abstract: Network defence is an elusive art. The arsenal to defend our devices and networks from attack is constantly lagging behind the latest methods used by attackers to break into them. To counteract this trend, we developed a distributed approach comprised of collaborative end-host detectors. Simulations reveal dramatic improvements over stand-alone detectors in accuracy (fewer false alarms) and in quality (the ability to capture otherwise undetected stealthy anomalies). Although these results derive from botnet detection in enterprise networks, they have broader applicability to the self-manageability of pervasive computing devices. To test this claim, Intel Corporation partnered with British Telecommunications plc to launch a trial deployment. In this paper, we report on architectural insights and validation methodologies gleaned from the development of a testbed infrastructure and phased experiments. Finally, we propose Collaborative Defence as a blueprint for emergent collaborative systems and its measurement-everywhere approach as the adaptive underpinnings needed for pervasive services.

Keywords: collaborative systems; network security; network defence; malware; anomaly detection; intrusion detection; distributed inference; distributed systems; pervasive computing; pervasive services; validation; collaborative end-host detectors; simulation; botnet detection; botnets; enterprise networks.

DOI: 10.1504/IJSNET.2010.034616

International Journal of Sensor Networks, 2010 Vol.8 No.2, pp.65 - 76

Available online: 13 Aug 2010 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article