A Context Aware Attack Detection System Across Multiple Gateways
Scanlan, J and Lorimer, S and Hartnett, J and Manderson, K (2004) A Context Aware Attack Detection System Across Multiple Gateways. Working Paper. UNSPECIFIED.
It is well known that intrusion detection systems can make smarter decisions if the context of the traffic being observed is known. This paper examines whether an attack detection system, looking at traffic as it arrives at gateways or firewalls, can make smarter decisions if the context of attack patterns across a class of IP addresses is known. A system that detects and forestalls the continuation of both fast attacks and slow attacks across several IP addresses is described, and the development of heuristics both to ban activity from hostile IP addresses and then to lift these bans is illustrated. The system not only facilitates detection of methodical multiple gateway attacks, but also acts to defeat the attack before penetration can occur.
Item Type: Report (Working Paper)
Keywords: Intrusion Detection, Firewalls, Prevention, Analysis
Deposited By: utas eprints
Deposited On: 07 Oct 2004
Last Modified: 18 Jul 2008 19:37
Available Versions of this Item
- A Context Aware Attack Detection System Across Multiple Gateways. (deposited 07 Oct 2004) [Currently Displayed]