Strategic Alert Throttling for Intrusion Detection Systems

Computer Science – Neural and Evolutionary Computing

Scientific paper


Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. The key idea presented is to combine a token bucket filter with a real-time correlation algorithm. The proposed algorithm throttles alert output from the IDS when an attack is detected. The attack graph used by the correlation algorithm also ensures that alerts crucial to forming strategies are not discarded by throttling.


Profile ID: LFWR-SCP-O-156313
