
Strategic Alert Throttling for Intrusion Detection Systems

Tedesco, Gianni; Aickelin, Uwe




Abstract

Network intrusion detection systems are themselves becoming targets of attackers. An alert flood attack conceals malicious activity by burying the alerts it raises among a deluge of false alerts that the attacker deliberately triggers. Attacks of this kind are very hard to stop completely; our aim is instead to present techniques that raise the alert throughput and capacity of the IDS to the point where the resources needed to mount the attack successfully become prohibitive. The key idea is to combine a token bucket filter with a real-time correlation algorithm. The proposed algorithm throttles the alert output of the IDS when an attack is detected, and the attack graph used by the correlation algorithm ensures that alerts crucial to forming strategies are not discarded by the throttling.
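To make the mechanism described in the abstract concrete, the following is an added illustration and not the paper's own code: a token bucket gates ordinary alerts, while alerts that advance a tracked (source, destination) pair along an attack graph bypass the bucket so the attack chain survives the flood. The attack graph, alert kinds, bucket parameters and the sample alerts are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Hypothetical attack graph (constructed for this example): each node lists
# the steps an attacker may take next against the same target.
ATTACK_GRAPH: Dict[str, Set[str]] = {
    "portscan": {"exploit"},
    "exploit": {"privesc", "exfil"},
    "privesc": {"exfil"},
    "exfil": set(),
}
ENTRY_NODES: Set[str] = {"portscan"}


@dataclass
class Alert:
    t: float    # seconds since start of capture
    src: str
    dst: str
    kind: str   # signature class; only some map onto attack-graph nodes


class TokenBucket:
    """Classic token bucket: `capacity` burst, refilled at `rate` tokens/second."""

    def __init__(self, capacity: int, rate: float) -> None:
        self.capacity = capacity
        self.rate = rate
        self.tokens = float(capacity)
        self.last = 0.0

    def take(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Correlator:
    """Per (src, dst) pair, remember the furthest attack-graph node reached.
    An alert is 'strategic' if it starts a chain or is a legal successor."""

    def __init__(self) -> None:
        self.stage: Dict[Tuple[str, str], str] = {}

    def advances(self, a: Alert) -> bool:
        key = (a.src, a.dst)
        cur = self.stage.get(key)
        if cur is None:
            if a.kind in ENTRY_NODES:
                self.stage[key] = a.kind
                return True
            return False
        if a.kind in ATTACK_GRAPH.get(cur, set()):
            self.stage[key] = a.kind
            return True
        return False


class Throttler:
    """Strategic alerts bypass the bucket; all others pay one token and are
    dropped when the bucket is empty."""

    def __init__(self, capacity: int = 5, rate: float = 1.0) -> None:
        self.bucket = TokenBucket(capacity, rate)
        self.corr = Correlator()
        self.emitted: List[Alert] = []
        self.dropped = 0

    def handle(self, a: Alert) -> bool:
        if self.corr.advances(a) or self.bucket.take(a.t):
            self.emitted.append(a)
            return True
        self.dropped += 1
        return False


def run_demo() -> Dict[str, object]:
    """Constructed scenario: a 40-alert decoy flood within 0.4 s wrapped around
    a genuine four-step chain. Returns counts and the chain that survived."""
    attacker, target = "192.0.2.7", "10.1.1.5"
    alerts = [
        Alert(0.0, attacker, target, "portscan"),
        Alert(0.3, "198.51.100.9", target, "exploit"),   # exploit with no prior scan
        Alert(0.7, attacker, target, "exploit"),
        Alert(0.9, attacker, target, "privesc"),
        Alert(1.0, attacker, target, "exfil"),
    ]
    # Decoys: spoofed sources firing a noisy signature, 10 ms apart.
    alerts += [Alert(0.5 + i * 0.01, f"203.0.113.{i}", target, "sig_noise") for i in range(40)]
    th = Throttler(capacity=5, rate=1.0)
    for a in sorted(alerts, key=lambda x: x.t):
        th.handle(a)
    return {
        "emitted": len(th.emitted),
        "dropped": th.dropped,
        "chain": [a.kind for a in th.emitted if a.src == attacker],
    }


if __name__ == "__main__":
    print(run_demo())
```

With a 5-token burst and 1 token/s refill, only four of the forty decoys get through while every step of the attacker's chain is emitted. The obvious gap in this toy version is that a flood of spoofed entry-node alerts (fake port scans from many sources) would all count as strategic and bypass the bucket, so in practice the strategic path needs its own budget as well; the abstract does not state how the paper handles that case, and this illustration leaves it open.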

Publication Date Jan 1, 2005
Peer Reviewed Yes
APA6 Citation Tedesco, G., & Aickelin, U. (2005). Strategic Alert Throttling for Intrusion Detection Systems

Files

05wseas_alert_correlation.pdf (PDF, 506 KB)

Copyright Statement
Copyright information regarding this work can be found at the following address: http://eprints.nottingham.ac.uk/end_user_agreement.pdf
