Title :
Proactive intrusion detection and SNMP-based security management: new experiments and validation
Author :
Cabrera, J.B.D. ; Lewis, L. ; Qin, Xiameng ; Gutierrez, Carlos ; Lee, W. ; Mehra, R.K.
Abstract :
In our earlier work we proposed and developed a methodology for the early detection of distributed denial of service (DDoS) attacks. In this paper we examine the applicability of proactive intrusion detection on a considerably more complex set-up, with hosts belonging to three clusters connected by routers. Background TCP, UDP and ICMP traffic following interrupted Poisson processes is superimposed on the attack traffic. We examined six types of DDoS attack. For four of the attacks we obtained valid MIB-based precursors with no false alarms in any experiment. For the remaining two, precursors were also obtained, but false alarms were observed. Procedures for eliminating these false alarms are discussed.
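The abstract names the ingredients (polled SNMP MIB counters, interrupted Poisson background, a precursor burst, false alarms) but not the detection statistic. The script below is an added illustration written for this page, not code from the authors or the paper: it simulates an interrupted Poisson process on a Counter32-style MIB variable, superimposes a constructed precursor burst, and flags it with a one-sided CUSUM. The MIB variable name, the rates, the CUSUM thresholds and the use of CUSUM itself are assumptions made here; the paper's own statistic may differ.

```python
"""Toy MIB-counter precursor detector (added example, not the paper's code).

SNMP counters such as ipInReceives or icmpInMsgs are monotone Counter32
values that a manager polls every few seconds. The pipeline here is:
Counter32 readings -> per-interval increments (with wrap handling) ->
one-sided CUSUM against a baseline estimated on an attack-free window.
Background traffic is an interrupted Poisson process (IPP): a two-state
Markov chain that emits Poisson(lam) packets per interval while ON and
nothing while OFF. All rates and thresholds below are assumed values.
"""
import math
import random
import statistics

COUNTER32_MAX = 2 ** 32


def poisson(lam, rng):
    """Knuth's inversion sampler; adequate for the small rates used here."""
    limit = math.exp(-lam)
    k, p = 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k


def ipp_counts(n, lam, p_on_off, p_off_on, rng):
    """Per-interval packet counts from an interrupted Poisson process."""
    on = True
    counts = []
    for _ in range(n):
        if on and rng.random() < p_on_off:
            on = False
        elif not on and rng.random() < p_off_on:
            on = True
        counts.append(poisson(lam, rng) if on else 0)
    return counts


def counter_deltas(readings):
    """Convert polled Counter32 readings into per-interval increments.

    A reading smaller than its predecessor means the 32-bit counter wrapped,
    which an SNMP poller must handle or it will see a huge negative 'rate'.
    """
    deltas = []
    for prev, cur in zip(readings, readings[1:]):
        d = cur - prev
        if d < 0:
            d += COUNTER32_MAX
        deltas.append(d)
    return deltas


def cusum_alarms(rates, train, k_sigmas=1.0, h_sigmas=6.0):
    """One-sided CUSUM on a rate series; returns indices where an alarm fires.

    Baseline mean and standard deviation are estimated on the first `train`
    samples, which are assumed to be attack-free. k is the allowance (how much
    above the mean a sample must be to count as evidence), h the decision
    threshold; both are expressed in baseline standard deviations.
    """
    base = rates[:train]
    mu = statistics.fmean(base)
    sd = statistics.pstdev(base) or 1.0
    k, h = k_sigmas * sd, h_sigmas * sd
    s, alarms = 0.0, []
    for i in range(train, len(rates)):
        s = max(0.0, s + (rates[i] - mu - k))
        if s > h:
            alarms.append(i)
            s = 0.0  # reset so separate bursts are reported separately
    return alarms


def run_demo(seed=7, n=600, train=300, attack_start=450, precursor=40):
    """Synthesize Counter32 polls of IPP background plus a constructed precursor
    burst of `precursor` extra packets per interval from `attack_start` on,
    then run the detector. Returns (alarm indices, attack_start, train)."""
    rng = random.Random(seed)
    counts = ipp_counts(n, lam=12, p_on_off=0.1, p_off_on=0.3, rng=rng)
    counts = [c + (precursor if t >= attack_start else 0) for t, c in enumerate(counts)]
    readings = [COUNTER32_MAX - 2000]  # start near the wrap to exercise it
    for c in counts:
        readings.append((readings[-1] + c) % COUNTER32_MAX)
    alarms = cusum_alarms(counter_deltas(readings), train=train)
    return alarms, attack_start, train


if __name__ == "__main__":
    alarms, attack_start, train = run_demo()
    print("precursor injected at interval", attack_start)
    print("alarms:", alarms[:5], "... first alarm at", alarms[0] if alarms else None)
```

The trade-off the abstract points at shows up directly in `k_sigmas` and `h_sigmas`: lowering them shortens the detection delay but raises the false-alarm rate on bursty background, which is exactly what the authors report for two of the six attacks. A practitioner deploying anything like this should estimate the baseline on a window known to be attack-free and re-estimate it per MIB variable and per host, since the IPP on/off structure makes the variance much larger than the Poisson mean alone would suggest.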
Keywords :
Internet; computer network management; data warehouses; monitoring; statistical analysis; stochastic processes; telecommunication security; telecommunication traffic; transport protocols; DDoS attacks; ICMP; MIB-based precursors; SNMP-based security management; TCP; UDP; attack traffic; background traffic; data warehousing; distributed denial of service; false alarm elimination; host clusters; interrupted Poisson processes; proactive intrusion detection; routers; statistical methods; systems monitoring; Computer crime; Data security; Information security; Intrusion detection; Monitoring; Statistical analysis; TCPIP; Telecommunication traffic; Traffic control; Warehousing;
Conference_Title :
Integrated Network Management, 2003. IFIP/IEEE Eighth International Symposium on
Print_ISBN :
1-4020-7418-2
DOI :
10.1109/INM.2003.1194163