Strategic Alert Throttling for Intrusion Detection Systems

Tedesco, Gianni and Aickelin, Uwe (2005) Strategic Alert Throttling for Intrusion Detection Systems. In: 4th WSEAS International Conference on Information Security, 2005, Tenerife, Spain.


Abstract

Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts generated by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. The key idea presented is to combine a token bucket filter with a real-time correlation algorithm. The proposed algorithm throttles alert output from the IDS when an attack is detected. The attack graph used in the correlation algorithm is used to make sure that alerts crucial to forming strategies are not discarded by throttling.
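The following sketch, added here as an illustration and not taken from the paper, shows one way the two pieces named in the abstract fit together: a token bucket drops ordinary alerts once an alert flood has exhausted it, while alerts that advance a scenario already in progress for a source (a continuation edge in the attack graph) bypass the bucket. The three-signature attack graph, the alert fields `t`/`src`/`sig`, the bucket parameters, the per-source state table with its eviction bound and the constructed flood traffic are all assumptions made for this example.

```python
"""Token-bucket alert throttling with an attack-graph bypass.

Added illustration, not the paper's code. The attack graph, alert fields,
bucket parameters and the constructed traffic below are all assumptions.
"""
from collections import OrderedDict

# Assumed attack graph: each signature maps to the signatures that may follow
# it in an intrusion scenario. Scenario entry points are listed separately.
ATTACK_GRAPH = {
    "recon.portscan": {"exploit.bufoverflow"},
    "exploit.bufoverflow": {"c2.outbound"},
    "c2.outbound": set(),
}
ENTRY_SIGS = {"recon.portscan"}


class TokenBucket:
    """Refills `rate` tokens per second up to `burst`; one alert costs one token."""

    def __init__(self, rate, burst):
        self.rate, self.burst = float(rate), float(burst)
        self.tokens, self.last = float(burst), None

    def take(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + max(0.0, now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Throttler:
    """Drops alerts when the bucket is empty, except ones that advance a scenario."""

    def __init__(self, rate, burst, max_sources=1000):
        self.bucket = TokenBucket(rate, burst)        # ordinary alerts
        self.entry_bucket = TokenBucket(rate, burst)  # first step of a new scenario
        self.progress = OrderedDict()                 # src -> graph nodes reached
        self.max_sources = max_sources

    def _reached(self, src):
        reached = self.progress.get(src)
        if reached is None:
            if len(self.progress) >= self.max_sources:
                self.progress.popitem(last=False)  # evict the least recently seen source
            reached = self.progress[src] = set()
        self.progress.move_to_end(src)
        return reached

    def process(self, alert):
        """Return 'pass' or 'drop' for an alert dict with keys t, src, sig."""
        src, sig, now = alert["src"], alert["sig"], alert["t"]
        reached = self._reached(src)
        if sig in reached:
            # A repeat of a step already seen adds no strategy information,
            # so it competes for tokens like any other alert.
            return "pass" if self.bucket.take(now) else "drop"
        if any(sig in ATTACK_GRAPH.get(node, ()) for node in reached):
            reached.add(sig)
            return "pass"  # continuation of a scenario in progress: never throttled
        if sig in ENTRY_SIGS:
            # New scenario starts are cheap to forge from spoofed sources, so they
            # get their own bucket instead of an unconditional bypass (assumption).
            if self.entry_bucket.take(now):
                reached.add(sig)
                return "pass"
            return "drop"
        return "pass" if self.bucket.take(now) else "drop"


def run(alerts, rate=2.0, burst=5):
    """Feed time-ordered alerts through one Throttler; return (sig, src, verdict) triples."""
    th = Throttler(rate, burst)
    return [(a["sig"], a["src"], th.process(a)) for a in alerts]


def build_flood():
    """Constructed input: 200 decoy alerts at 100/s hide a three-step real intrusion."""
    alerts = [{"t": 0.01 * i, "src": "10.0.0.99", "sig": "noise.icmp"} for i in range(200)]
    alerts += [
        {"t": 0.505, "src": "10.0.0.7", "sig": "recon.portscan"},
        {"t": 1.205, "src": "10.0.0.7", "sig": "exploit.bufoverflow"},
        {"t": 1.905, "src": "10.0.0.7", "sig": "c2.outbound"},
    ]
    alerts.sort(key=lambda a: a["t"])
    return alerts


if __name__ == "__main__":
    for sig, src, verdict in run(build_flood()):
        if src == "10.0.0.7" or verdict == "pass":
            print(f"{src:10} {sig:22} {verdict}")
```

With the constructed flood, the bucket lets through its burst of five decoy alerts plus a few more as it refills, drops the remaining decoys, and still emits all three steps of the real intrusion because the second and third steps are continuations of a scenario the throttler has already seen for that source. Two design points worth checking in any real implementation: a repeat of a step already recorded for a source gets no bypass (otherwise the attacker floods with the bypassed signature), and scenario entry points get their own bucket rather than a free pass, since an attacker can spoof an unbounded number of fresh sources. The price of that second choice is that a real intrusion whose first step arrives while the entry bucket is empty will not be tracked; that residual exposure is the "prohibitive resources" trade-off the abstract describes rather than a complete fix.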

Item Type: Conference or Workshop Item (Paper)
Schools/Departments: University of Nottingham, UK > Faculty of Science > School of Computer Science
Depositing User: Aickelin, Professor Uwe
Date Deposited: 31 Mar 2006
Last Modified: 31 May 2021 14:47
URI: https://eprints.nottingham.ac.uk/id/eprint/379
