Alert Flooding Attack on Snort and Its Mitigation

Abstract
Network intrusion detection systems (NIDS) employ a number of sensors to report attacks on the hosts in a network. A serious problem with these sensors is that the alerts they produce are low-level, so the system administrator gains little useful information from the raw report. In this report I discuss one method of correlating the alerts produced, the attack graph method. The main subject of the report, however, is a type of attack on NIDS called alert flooding. Its first effect is loss of service: the sensors no longer do their intended job. Its second effect is a large volume of unintended alerts, which makes alert correlation impossible, or at least meaningless. The report walks through the basics of NIDS, the operation of Snort, the construction of an alert flooding attack, and a mitigation based on two concepts, the Token Bucket Filter and the Queue Graph.
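The token bucket part of that mitigation can be shown directly on Snort output. The following is an added example for this page, not code from the report (its Queue Graph component is not reproduced): a per-source token bucket placed between Snort's `alert_fast` log and the correlation stage. Each source host gets a bucket of `burst` tokens refilled at `rate` tokens per second; an alert is forwarded only if its source still has a token, otherwise it is counted and suppressed. The alert lines, the hosts 10.0.0.x and the local rule sids 1000001..1000004 are constructed for the demonstration.

```python
"""Per-source token-bucket filter for Snort 'fast' alerts.

Added example for this page; it is not code from the report and does not
reproduce its Queue Graph component. The alert lines, the hosts 10.0.0.x and
the local rule sids 1000001..1000004 are constructed for the demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Snort alert_fast output line (the Classification field is optional):
# MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)
_EPOCH = datetime(1900, 1, 1)  # strptime without a year field yields 1900


def parse_alert(line):
    """Return (seconds, src, sid, msg) for a fast-format alert, else None."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    seconds = (datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f") - _EPOCH).total_seconds()
    return seconds, m["src"], m["sid"], m["msg"]


class TokenBucket:
    """Holds at most `burst` tokens and refills at `rate` tokens per second."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the elapsed time, then spend one token if one is available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_alerts(lines, rate=1.0, burst=5):
    """Forward each alert while its source host is under budget; count the rest.

    Tracking is by source address (like Snort's `track by_src`), so a flooder
    cannot dodge the limit by cycling through different rules.
    Returns (forwarded_lines, {src: dropped_count}).
    """
    buckets, dropped, forwarded = {}, defaultdict(int), []
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue  # malformed line: ignore rather than let it touch bucket state
        now, src, _sid, _msg = parsed
        bucket = buckets.get(src)
        if bucket is None:
            bucket = buckets[src] = TokenBucket(rate, burst, now)
        if bucket.allow(now):
            forwarded.append(line)
        else:
            dropped[src] += 1
    return forwarded, dict(dropped)


def _alert(when, sid, msg, src, dst):
    return (f"{when:%m/%d-%H:%M:%S.%f}  [**] [1:{sid}:1] {msg} [**] "
            f"[Priority: 2] {{TCP}} {src}:4444 -> {dst}:80")


def sample_alerts():
    """Constructed log: three ordinary alerts, a 50-alert burst from 10.0.0.66
    spread over about 1.5 seconds, a blank line, then one more ordinary alert."""
    base = datetime(2024, 5, 14, 12, 0, 0)
    lines = [
        _alert(base + timedelta(seconds=1), 1000001, "LOCAL SSH brute force", "10.0.0.5", "10.0.0.9"),
        _alert(base + timedelta(seconds=3), 1000001, "LOCAL SSH brute force", "10.0.0.5", "10.0.0.9"),
        _alert(base + timedelta(seconds=5), 1000003, "LOCAL SMB probe", "10.0.0.5", "10.0.0.9"),
    ]
    for i in range(50):  # the flood: 30 ms apart, rotating across three rules
        lines.append(_alert(base + timedelta(seconds=10, microseconds=30_000 * i),
                            1000002 + i % 3, "LOCAL noisy rule", "10.0.0.66", "10.0.0.9"))
    lines.append("")
    lines.append(_alert(base + timedelta(seconds=13), 1000004, "LOCAL web scanner", "10.0.0.7", "10.0.0.9"))
    return lines


if __name__ == "__main__":
    kept, suppressed = filter_alerts(sample_alerts(), rate=1.0, burst=5)
    print(f"forwarded {len(kept)} alerts; suppressed per source: {suppressed}")
```

With `rate=1.0, burst=5` the three ordinary alerts and the final one pass untouched, while the 50-alert burst is cut to 6 (the 5-token burst plus one refill during the 1.5 s flood) and 44 are suppressed, so the correlation stage sees a bounded number of events per host. Two caveats a practitioner should keep in mind: the suppressed count must itself be logged, since the flooding host may also be the real attacker; and a flooder that spoofs many source addresses gets a fresh bucket per address, so a per-source bucket needs a global bucket or the report's Queue Graph stage behind it. Snort 2.9 offers comparable limiting inside the sensor through its `event_filter` and `rate_filter` directives (check the manual for the exact syntax of the version in use).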
Similar sources
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Detecting Web-based DDoS Attack using MapReduce operations in Cloud Computing Environment
Distributed denial of service attacks are the most serious factor among network security risks in the cloud computing environment. This study proposes a method that integrates HTTP GET flooding, one of the DDoS attacks, with MapReduce processing for fast attack detection in a cloud computing environment. This method makes it possible to ensure the availability of the target system for accurate and relia...
Cross-domain DoS link-flooding attack detection and mitigation using SDN principles
Denial of Service (DoS) attacks pose a major threat to Internet users and services. Since the network security ecosystem has been expanding over the years, new types of DoS attacks emerge. DoS link-flooding attacks aim to severely congest certain network links, disrupting Internet accessibility for certain geographical areas and for services passing through these links. Since crucial services li...
Malware Characterization through Alert Pattern Discovery
We present a novel alert correlation approach based on the factor analysis statistical technique for malware characterization. Our approach involves mechanically computing a set of abstract quantities, called factors, for expressing the intrusion detection system (IDS) alerts pertaining to malware instances. These factors correspond to patterns of alerts, and can be used to succinctly character...
Denial-of-service detection and mitigation for SIP communication networks
The Session Initiation Protocol (SIP) is the multimedia communication protocol of the future. Used for Voice-over-IP (VoIP), the IP Multimedia Subsystem (IMS) and Internet Protocol Television (IPTV), its concepts are based on mature and open standards and its use has increased rapidly in recent years. However, with its acceptance as a mainstream communication platform, security concerns b...