Collaborating against common enemies

Authors: Dina Katabi, Balachander Krishnamurthy, Sachin Katti

DOI: 10.5555/1251086.1251120

Keywords:

Abstract: This paper presents the first wide-scale study of correlated attacks, i.e., attacks mounted by the same source IP against different networks. Using a large dataset from 1700 intrusion detection systems (IDSs), we show that correlated attacks are prevalent in the current Internet: 20% of all offending sources mount correlated attacks, and they account for more than 40% of the IDS alerts in our logs. We also reveal important characteristics of these attacks. Correlated attacks appear at different networks within a few minutes of each other, indicating the difficulty of warding them off through occasional offline exchange of lists of malicious addresses. Furthermore, correlated attacks are highly targeted. The IDSs can be divided into small groups with 4-6 members that do not change over time; IDSs in the same group experience a large number of correlated attacks, while IDSs in different groups see almost no correlated attacks. Our results have implications for collaborative detection of common attackers. They show that collaborating IDSs need to exchange alert information in real time. Further, exchanging alerts among a small, fixed group of correlated IDSs achieves almost the same benefits as exchanging alerts among all IDSs, while dramatically reducing the overhead.
