On the Identifiability of Multi-Observer Hidden Markovmodels
Most large attacks on the Internet are distributed. As a result, such attacks are only partially observed by any one Internet Service Provider (ISP). Detection would be significantly easier with pooled observations, but privacy concerns often limit the information that providers are willing to share. Multiparty secure distributed computation provides a means for combining observations without compromising privacy. In this paper, the authors show the benefits of this approach, the most notable of which is that combinations of observations solve identifiability problems in existing approaches for detecting network attacks.