Library Open Repository

A context aware attack detection system

Scanlan, J and Hartnett, J (2008) A context aware attack detection system. IJCSNS International Journal of Computer Science and Network Security, 8 (1). pp. 75-84. ISSN 1738-7906

This is the latest version of this item.

PDF: A_Context_Aware_Scan_Detection_System.pdf
Full text restricted

Abstract

It is well known that intrusion detection systems can make smarter decisions if the context of the traffic being observed is known. This paper examines whether an attack detection system, looking at traffic as it arrives at gateways or firewalls, can make smarter decisions if the context of attack patterns across a class of IP addresses is known. A system that detects and forestalls the continuation of both fast attacks and slow attacks across several IP addresses is described and the development of heuristics both to ban activity from hostile IP addresses and then lift these bans is illustrated. The system not only facilitates detection of methodical multiple gateway attacks, but also acts to defeat the attack before penetration can occur.

Item Type: Article
Keywords: Intrusion Detection, Firewalls, Prevention, Analysis
Journal or Publication Title: IJCSNS International Journal of Computer Science and Network Security
Page Range: pp. 75-84
ISSN: 1738-7906
Date Deposited: 22 Aug 2005
Last Modified: 18 Nov 2014 03:10
URI: http://eprints.utas.edu.au/id/eprint/195