Little or no integration exists today between Intrusion Detection Systems (IDSs) and SNMP-based Network Management Systems (NMSs), in spite of the extensive monitoring and alarming capabilities offered by commercial NMSs. This difficulty is mainly associated with the distinct data sources used by the two systems: packet traffic and audit records for IDSs and SNMP MIB variables for NMSs. In this paper we propose and evaluate a methodology for utilizing NMSs for the early detection of Distributed Denial of Service attacks (DDoS). A principled approach is described for discovering precursors to DDoS attacks in databases formed by MIB variables recorded from multiple domains in networked information systems. The approach is rooted in time series quantization, and in the application of the Granger Causality Test of classical statistics for selecting variables that are likely to contain precursors. A methodology is proposed for discovering precursor rules from databases containing time series related to different regimes of a system. These precursor rules relate precursor events extracted from input time series with phenomenon events extracted from output time series. Using MIB datasets collected from real experiments involving Distributed Denial of Service Attacks, it is shown that precursor rules relating activities at attacking machines with traffic floods at target machines can be extracted by the methodology. The technology has extensive applications for security management: it enables security analysts to better understand the evolution of complex computer attacks, it can be used to trigger alarms indicating that an attack is imminent, or it can be used to reduce the false alarm rates of conventional IDSs.