IDTRUST 2009 (ACM)

Palantir: a framework for collaborative incident response and investigation

Organizations owning cyber-infrastructure assets face large scale distributed attacks on a regular basis. In the face of increasing complexity and frequency of such attacks, we argue that it is insufficient to rely on organizational incident response teams or even trusted coordinating response teams. Instead, there is need to develop a framework that enables responders to establish trust and achieve an effective collaborative response and investigation process across multiple organizations and legal entities to track the adversary, eliminate the threat and pursue prosecution of the perpetrators. In this work we develop such a framework for effective collaboration. Our approach is motivated by our experiences in dealing with a large-scale distributed attack that took place in 2004 known as Incident 216. Based on our approach we present the Palantir system that comprises conceptual and technological capabilities to adequately respond to such attacks. To the best of our knowledge this ...
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where IDTRUST
Authors Himanshu Khurana, Jim Basney, Mehedi Bakht, D. Michael Freemon, Von Welch, Randy Butler