Proactive Intrusion Detection and SNMP-Based Security Management: New Experiments and Validation [chapter]

J. B. D. Cabrera, L. Lewis, X. Qin, C. Gutiérrez, W. Lee, R. K. Mehra
2003 Integrated Network Management VIII  
In our earlier work we proposed and developed a methodology for the early detection of Distributed Denial of Service (DDoS) attacks. In this paper we examine the applicability of Proactive Intrusion Detection on a considerably more complex set-up, with hosts associated with three clusters connected by routers. Background TCP, UDP and ICMP traffic following Interrupted Poisson Processes is superimposed on the attack traffic. We have examined six types of DDoS attacks. In four of the attacks we obtained valid MIB-based precursors with no false alarms in all experiments. In the remaining two attacks precursors were obtained, but false alarms were observed. Procedures for eliminating these false alarms are discussed.
doi:10.1007/978-0-387-35674-7_8 fatcat:yckyl4vfrbff3ok5rr4cfzxoeq
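The abstract describes the shape of the experiment (a polled SNMP MIB counter, Interrupted Poisson background traffic superimposed on a staged DDoS, and a precursor detector judged on lead time and false alarms) but not the authors' detector itself. The following is an added, self-contained example written for this page, not code from the paper. It assumes the MIB variable is observed as a per-polling-interval packet count, models the background as a two-state ON/OFF Markov-modulated Poisson process, superimposes an assumed "precursor" step (attacker-side activity before the flood) followed by a large flood, and uses a one-sided CUSUM trained on an attack-free prefix as the detector. The counter name, rates, thresholds and the seed are all constructed for illustration.

```python
"""
Toy SNMP-MIB precursor experiment (added example, not the paper's code).

Assumed model, not taken from the abstract:
  * the polled MIB variable (say a host's ipOutRequests) is read as a
    per-interval delta, i.e. a packet count per polling interval;
  * background traffic is an Interrupted Poisson Process: Poisson arrivals
    while an ON/OFF Markov source is ON, silence while it is OFF;
  * the attack adds a modest precursor step before a much larger flood;
  * the detector is a one-sided CUSUM whose reference level is learned from
    an attack-free training prefix of the same trace.
"""
import math
import random
import statistics


def poisson(lam, rng):
    """Knuth's Poisson sampler; adequate for the small per-interval rates here."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def ipp_counts(n, rate_on, p_on_off, p_off_on, rng):
    """Interrupted Poisson Process: Poisson(rate_on) arrivals per polling
    interval while the source is ON, none while OFF. The ON/OFF state is a
    two-state Markov chain stepped once per interval."""
    counts, on = [], True
    for _ in range(n):
        counts.append(poisson(rate_on, rng) if on else 0)
        if on and rng.random() < p_on_off:
            on = False
        elif not on and rng.random() < p_off_on:
            on = True
    return counts


def synth_mib_trace(n, precursor_start, flood_start, rng,
                    precursor_rate=30, flood_rate=300):
    """Constructed per-interval deltas of a hypothetical MIB counter:
    IPP background with the assumed attack profile superimposed.
    Pass precursor_start=None and flood_start=None for a quiet trace."""
    bg = ipp_counts(n, rate_on=5.0, p_on_off=0.2, p_off_on=0.3, rng=rng)
    trace = []
    for t, x in enumerate(bg):
        if flood_start is not None and t >= flood_start:
            x += flood_rate
        elif precursor_start is not None and t >= precursor_start:
            x += precursor_rate
        trace.append(x)
    return trace


def cusum_alarms(trace, train_len, h=30.0, k_sigma=3.0):
    """One-sided CUSUM on counter deltas. The reference level k is the
    training mean plus k_sigma standard deviations; an alarm fires when the
    accumulated positive excess exceeds h, after which the statistic resets.
    Returns the polling indices at which alarms fired."""
    train = trace[:train_len]
    k = statistics.fmean(train) + k_sigma * statistics.pstdev(train)
    s, alarms = 0.0, []
    for t in range(train_len, len(trace)):
        s = max(0.0, s + (trace[t] - k))
        if s > h:
            alarms.append(t)
            s = 0.0
    return alarms


def run_experiment(seed=7, n=150, train_len=50,
                   precursor_start=60, flood_start=90):
    """Run the detector on an attack trace and on a quiet trace drawn from
    the same generator, reporting false alarms and precursor lead time
    (intervals between the first alarm and the start of the flood)."""
    rng = random.Random(seed)
    attack = synth_mib_trace(n, precursor_start, flood_start, rng)
    quiet = synth_mib_trace(n, None, None, rng)
    attack_alarms = cusum_alarms(attack, train_len)
    first = attack_alarms[0] if attack_alarms else None
    return {
        "false_alarms": len(cusum_alarms(quiet, train_len)),
        "first_alarm": first,
        # positive lead time means the precursor was flagged before the flood
        "lead_time": (flood_start - first) if first is not None else None,
    }


if __name__ == "__main__":
    print(run_experiment())
```

A negative or missing lead time means the detector only reacted to the flood itself, which is the failure mode a precursor-based scheme must avoid; counting alarms on the quiet trace is the false-alarm check the abstract refers to. Raising h or k_sigma trades lead time for fewer false alarms, which is the same tension the paper reports for its last two attack types.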