Abstract
In our earlier work we have proposed and developed a methodology for the early detection of Distributed Denial of Service (DDoS) attacks. In this paper, we examine the applicability of Proactive Intrusion Detection on a considerably more complex set-up, with hosts associated with three clusters, connected by routers. Background TCP, UDP and ICMP traffic following Interrupted Poisson Processes are superimposed on the attack traffic. We have examined six types of DDoS attacks. In four of the attacks we have obtained valid MIB-based precursors with no false alarms in all experiments. In the remaining two attacks precursors were obtained, but false alarms were observed. Procedures for eliminating these false alarms are discussed.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35674-7_66
© 2003 IFIP International Federation for Information Processing
Cabrera, J.B.D., Lewis, L., Qin, X., Gutiérrez, C., Lee, W., Mehra, R.K. (2003). Proactive Intrusion Detection and SNMP-Based Security Management: New Experiments and Validation. In: Goldszmidt, G., Schönwälder, J. (eds) Integrated Network Management VIII. IM 2003. IFIP — The International Federation for Information Processing, vol 118. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35674-7_8
DOI: https://doi.org/10.1007/978-0-387-35674-7_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5521-3
Online ISBN: 978-0-387-35674-7