Gesellschaft für Informatik e.V.

Lecture Notes in Informatics


IT-Incident Management & IT-Forensics - IMF 2006, Conference Proceedings October, 18th - 19th, 2006, Stuttgart P-97, 55-66 (2006).


2006


Editors

Oliver Göbel, Dirk Schadt, Sandra Frings, Hardo Hase, Detlef Günther, Jens Nedon (eds.)


Contents

Carmentis: A co-operative approach towards situation awareness and early warning for the internet

Bernd Grobauer, Jens Ingo Mehlau and Jürgen Sander

Abstract


Although plenty of organizations collect sensor data such as IDS alerts or darknet flows, local analysis has definite limits when it comes to deriving conclusions about happenings and trends within the Internet as a whole. CarmentiS, a joint effort of the early warning working group within the German CERT association, provides an infrastructure and organizational framework for sharing, correlating and cooperatively analyzing sensor data. The infrastructure allows organizations to submit sensor data (at the moment, net flows and IDS alerts are handled) over a secure channel to a central database. Cooperative analysis of the data is made possible via a secure web front end that allows analysts of participating CERTs to create and execute analysis profiles as well as share and discuss analysis results. By correlating sensor data and pooling know-how and resources for analysis from different sites, CarmentiS provides a framework for a co-operative approach towards situation awareness and early warning for the Internet. This article gives an overview of the CarmentiS infrastructure and organizational framework, and describes the current status of the project. It also addresses open questions that can only be solved by experimenting with co-operative analysis and gives an outlook on possible further developments of the CarmentiS approach towards improved situation awareness and early warning.



ISBN 978-3-88579-191-1


Last changed 24.01.2012 21:56:42