  • DocumentCode
    3385169
  • Title
    Proactive intrusion detection and SNMP-based security management: new experiments and validation
  • Author
    Cabrera, J.B.D. ; Lewis, L. ; Qin, Xiameng ; Gutierrez, Carlos ; Lee, W. ; Mehra, R.K.
  • fYear
    2003
  • fDate
    24-28 March 2003
  • Firstpage
    93
  • Lastpage
    96
  • Abstract
    In our earlier work we have proposed and developed a methodology for the early detection of distributed denial of service (DDoS) attacks. In this paper, we examine the applicability of proactive intrusion detection on a considerably more complex set-up, with hosts associated with three clusters, connected by routers. Background TCP, UDP and ICMP traffic following interrupted Poisson processes are superimposed on the attack traffic. We have examined six types of DDoS attacks. In four of the attacks we have obtained valid MIB-based precursors with no false alarms in all experiments. In the remaining two attacks precursors were obtained, but false alarms were observed. Procedures for eliminating these false alarms are discussed.
  • Keywords
    Internet; computer network management; data warehouses; monitoring; statistical analysis; stochastic processes; telecommunication security; telecommunication traffic; transport protocols; DDoS attacks; ICMP; MIB-based precursors; SNMP-based security management; TCP; UDP; attack traffic; background traffic; data warehousing; distributed denial of service; false alarm elimination; host clusters; interrupted Poisson processes; proactive intrusion detection; routers; statistical methods; systems monitoring; Computer crime; Data security; Information security; Intrusion detection; Monitoring; Statistical analysis; TCPIP; Telecommunication traffic; Traffic control; Warehousing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management, 2003. IFIP/IEEE Eighth International Symposium on
  • Print_ISBN
    1-4020-7418-2
  • Type
    conf
  • DOI
    10.1109/INM.2003.1194163
  • Filename
    1194163