Title :
Decentralized Alerts Correlation Approach for DDoS Intrusion Detection
Author :
Khatoun, Rida ; Doyen, Guillaume ; Gaïti, Dominique ; Saad, Radwane ; Serhrouchni, Ahmed
Author_Institution :
Univ. de Technol. de Troyes, Troyes
Abstract :
Availability is one of the main characteristics of Internet security, and hence attacks against networks that try to stop services on servers are increasing. Distributed denial of service attacks are very dangerous for computer networks and service availability. Various defense systems have been proposed. Unfortunately, until now, there is no efficient solution. This paper presents a decentralized architecture for an intrusion detection approach. The central point of this paper is the alert correlation among Snort intrusion detection systems (IDS). We believe that this approach optimizes the detection performance in a completely distributed fashion by relying on the Pastry overlay network as the indexing and routing protocol. We propose a novel approach that will be improved in future work.
Keywords :
Internet; computer networks; routing protocols; security of data; telecommunication security; DDoS intrusion detection; Internet security; Pastry overlay network; Snort intrusion detection systems; computer networks; decentralized alerts correlation; distributed denial of service attacks; routing protocol; Availability; Computer architecture; Computer crime; Computer networks; IP networks; Indexing; Intrusion detection; Network servers; Web and internet services; Web server;
Conference_Title :
New Technologies, Mobility and Security, 2008. NTMS '08.
Conference_Location :
Tangier
Print_ISBN :
978-1-42443547-0
DOI :
10.1109/NTMS.2008.ECP.36