Using InetVis to Evaluate Snort and Bro Scan Detection on a Network Telescope
作者: B. Irwin , J. -P. van Riel
DOI: 10.1007/978-3-540-78243-8_17
关键词: Intrusion detection system 、 Visualization 、 Computer security 、 Human assessment 、 Data mining 、 Network telescope 、 Computer science 、 Host (network)
摘要: This paper presents an investigative analysis of network scans and scan detection algorithms. Visualisation is employed to review telescope traffic identify incidents activity. Some the identified phenomena appear be novel forms host discovery. Scan algorithms used by Snort Bro intrusion systems are critiqued comparing visualised with alert output. Where human assessment disagrees output, explanations sought analysing The based on counting unique connection attempts destination addresses ports. For Snort, notable false positive negative cases result due a grossly oversimplified method
springer.com
sci-hub.st 参考文章(22)
David Moore, Colleen Shannon, Geoffrey M Voelker, Stefan Savage, Network Telescopes: Technical Report ,(2004)
György J. Simon, Hui Xiong, Eric Eilertson, Vipin Kumar, Scan detection: A data mining approach siam international conference on data mining. pp. 118- 129 ,(2006) , 10.1137/1.9781611972764.11
Richard Bejtlich, Extrusion Detection: Security Monitoring for Internal Intrusions ,(2005)
Christopher D. Wickens, Diane L. Sandry, Michael Vidulich, Compatibility and Resource Competition between Modalities of Input, Central Processing, and Output: Human Factors. ,vol. 25, pp. 227- 248 ,(1983) , 10.1177/001872088302500209
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan, Fast portscan detection using sequential hypothesis testing ieee symposium on security and privacy. pp. 211- 225 ,(2004) , 10.1109/SECPRI.2004.1301325
Alfonso Valdes, Martin Fong, Scalable visualization of propagating internet phenomena visualization for computer security. pp. 124- 127 ,(2004) , 10.1145/1029208.1029228
Stephen Lau, The Spinning Cube of Potential Doom Communications of The ACM. ,vol. 47, pp. 25- 26 ,(2004) , 10.1145/990680.990699
Donald G. Hays, Isn't It About Time! Counselor Education and Supervision. ,vol. 16, pp. 225- 228 ,(1977) , 10.1002/J.1556-6978.1977.TB01615.X
Robert Ball, Glenn A. Fink, Chris North, Home-centric visualization of network traffic for security administration visualization for computer security. pp. 55- 64 ,(2004) , 10.1145/1029208.1029217