Distack – A Framework for Distributed Anomaly-based Attack Detection



The information has been provided by Christoph Mayer.
The original article can be found at: http://www.tm.uka.de/distack


Distack is a framework for attack detection that integrates various detection methods as lightweight modules. These modules can be combined easily and arbitrarily, so adapting to new situations or extending an existing system, which until now was in most cases complex and time-consuming, becomes simple. In addition, Distack can be run transparently in different runtime environments. This enables an easy evaluation with meaningful and comparable results based on realistic large-scale scenarios, e.g. by using a network simulator such as OMNeT++ together with the topology and traffic generation tool ReaSE.

The detection methods evaluated in the simulator can afterwards be applied to real systems without further changes. Distack thus allows a realistic evaluation of attack detection systems and of anomaly detection methods developed in the past, and yields comparable results. To support distributed attack detection, Distack provides transparent remote messaging: local communication inside one Distack instance can easily be extended to remote communication between distributed Distack instances.

Categories: Tools