Carmentis: A co-operative approach towards situation awareness and early warning for the internet
Although plenty of organizations collect sensor data such as IDS alerts or darknet flows, local analysis has its definite limits when it comes to derive conclusions about happenings and trends within the Internet as a whole. CarmentiS, a joint effort of the early warning working group within the German CERT association, provides an infrastructure and organizational framework for sharing, correlating and cooperatively analyzing sensor data. The infrastructure allows organizations to submit sensor data - at the moment, net flows and IDS alerts are treated - over a secure channel to a central database. Cooperative analysis of the data is made possible via a secure web front end allowing analysts of participating CERTs to create and execute analysis profiles as well as share and discuss analysis results. Thus correlating sensor data and pooling know how and resources for analysis from different sites, CarmentiS provides a framework for a co-operative approach towards situation awareness and early warning for the Internet. This article gives an overview of the CarmentiS infrastructure and organizational framework, and describes the current status of the project. It also addresses open questions that can only be solved by experimenting with co-operative analysis and gives an outlook of possible further developments of the CarmentiS approach towards improved situation awareness and early warning.
Full Text: PDF