Proactive Intrusion Detection and SNMP-based Security Management: New Experiments and Validation

Integrated Network Management (2003)

Abstract
In our earlier work we have proposed and developed a methodology for the early detection of Distributed Denial of Service (DDoS) attacks. In this paper, we examine the applicability of Proactive Intrusion Detection on a considerably more complex set-up, with hosts associated with three clusters, connected by routers. Background TCP, UDP and ICMP traffic following Interrupted Poisson Processes are superimposed on the attack traffic. We have examined six types of DDoS attacks. In four of the attacks we have obtained valid MIB-based precursors with no false alarms in all experiments. In the remaining two attacks precursors were obtained, but false alarms were observed. Procedures for eliminating these false alarms are discussed.
Keywords
Internet, computer network management, data warehouses, monitoring, statistical analysis, stochastic processes, telecommunication security, telecommunication traffic, transport protocols, DDoS attacks, ICMP, MIB-based precursors, SNMP-based security management, TCP, UDP, attack traffic, background traffic, data warehousing, distributed denial of service, false alarm elimination, host clusters, interrupted Poisson processes, proactive intrusion detection, routers, statistical methods, systems monitoring