Network Attack Detection and Defense Early Warning Systems - Challenges and Perspectives (Dagstuhl Seminar 12061)

Abstract

The increasing dependence of human society on information technology (IT)
systems requires appropriate measures to cope with their misuse. The growing
potential of threats, which make these systems more and more vulnerable, is
caused by the complexity of the technologies themselves. The potential of
threats in networked systems will further grow as well as the number of
individuals who are able to abuse these systems. It becomes increasingly
apparent that IT security cannot be achieved by prevention alone. Preventive
measures and reactive aspects need to complement one another. A major challenge
of modern IT security technologies is to cope with an exploding variability of
attacks which stems from a significant commercial motivation behind them.
Increasingly proactive measures are required to ward off these threats.

Increased efforts in research and society are required to protect critical civil
infrastructures, such as the health care system, the traffic system, power
supply, trade, military networks, and others in developed countries. This is a
consequence of the increasing shift of industrial IT systems to the IP protocol
leading to sensible IT infrastructures which are more vulnerable as the
proprietary systems used in the past. The abundance of services of modern
infrastructures critically depends on information and communication
technologies. Though, being key enablers of critical infrastructures, these
technologies are, at the same time, reckoned among the most vulnerable elements
of the whole system. The cooperative information exchange between institutions
is mandatory in order to detect distributed and coordinated attacks. Based on a
large-scale acquisition of pertinent information, Early Warning Systems
are a currently pursued approach to draw up situation pictures that allows the
detection of trends and upcoming threats, allowing furthermore taking
appropriate measures.

The Dagstuhl seminar brought together researchers from academia and industry.
The objective of the seminar was to further discuss challenges and methods in
the area of attack detection and defense. The seminar was supposed to focus on
design aspects of early warning systems and related monitoring infrastructures,
e.g., intrusion detection overlays, to protect computer systems, networks, and
critical infrastructures. The seminar was jointly organized by Georg Carle,
Hervé Debar, Hartmut König, and Jelena Mirkovic. It was attended by 34
participants from nine countries.