Preview

PDF Not available 291Kb

It is well known that intrusion detection systems can make smarter decisions if the context of the traffic being observed is known. This paper examines whether an attack detection system, looking at traffic as it arrives at gateways or firewalls, can make smarter decisions if the context of attack patterns across a class of IP addresses is known. A system that detects and forestalls the continuation of both fast attacks and slow attacks across several IP addresses is described and the development of heuristics both to ban activity from hostile IP addresses and then lift these bans is illustrated. The system not only facilitates detection of methodical multiple gateway attacks, but also acts to defeat the attack before penetration can occur.

Item Type:	Refereed Article
Keywords:	instrusion detection, scan correlation, prevention
Research Division:	Information and Computing Sciences
Research Group:	Cybersecurity and privacy
Research Field:	Cybersecurity and privacy not elsewhere classified
Objective Division:	Information and Communication Services
Objective Group:	Communication technologies, systems and services
Objective Field:	Communication technologies, systems and services not elsewhere classified
UTAS Author:	Scanlan, JD (Dr Joel Scanlan)
UTAS Author:	Hartnett, JS (Mrs Jacky Hartnett)
ID Code:	54147
Year Published:	2008
Deposited By:	Information and Communication Technology
Deposited On:	2009-02-11
Last Modified:	2014-12-09
Downloads:	0