Gianni Tedesco
Strategic Alert Throttling for Intrusion Detection Systems
Tedesco, Gianni; Aickelin, Uwe
Authors
Uwe Aickelin
Abstract
Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. The key idea presented is to combine a token bucket filter with a realtime correlation algorithm. The proposed algorithm throttles alert output from the IDS when an attack is detected. The attack graph used in the correlation algorithm is used to make sure that alerts crucial to forming strategies are not discarded by throttling.
Citation
Tedesco, G., & Aickelin, U. (2005). Strategic Alert Throttling for Intrusion Detection Systems.
| Conference Name | 4th WSEAS International Conference on Information Security |
|---|---|
| Publication Date | Jan 1, 2005 |
| Deposit Date | Oct 22, 2007 |
| Publicly Available Date | Oct 22, 2007 |
| Peer Reviewed | Peer Reviewed |
| Public URL | https://nottingham-repository.worktribe.com/output/1020723 |
Files
05wseas_alert_correlation.pdf
(506 Kb)
PDF
Downloadable Citations
About Repository@Nottingham
Administrator e-mail: discovery-access-systems@nottingham.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search