Journal
COMPUTER NETWORKS
Volume 34, Issue 4, Pages 659-670
Publisher
ELSEVIER SCIENCE BV
DOI: 10.1016/S1389-1286(00)00135-3
Keywords
intrusion detection; network IDS; distributed IDS; SNMP-based IDS; intruder tracking
Intrusions are in general characterized by some noise or indications. In the network context these signals may be seen in the TCP-RESET packets and the ICMP echo-response or destination/port unreachable packets. Analysis of network traffic has shown that the profiles of such signals due to intrusion attempts are distinctly different from those due to routine operations and/or unintentional mistakes. By monitoring such suspicious signals in a distributed framework, intrusions or attempts thereof can be effectively detected. To track down attackers who may be using spoofed addresses, a new technique based on traffic pattern monitoring is introduced. The traffic patterns can be traced across networks. For this purpose we have developed an SNMP-based messaging system which allows friendly networks to collaborate in tracking down the intruder. Results using prototype implementations on a medium-size operational network are presented. (C) 2000 Elsevier Science B.V. All rights reserved.