Strategic Alert Throttling for Intrusion Detection Systems
Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present t...
| Main Authors: | , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2005
|
| Online Access: | https://eprints.nottingham.ac.uk/379/ |
| _version_ | 1848790403908632576 |
|---|---|
| author | Tedesco, Gianni Aickelin, Uwe |
| author_facet | Tedesco, Gianni Aickelin, Uwe |
| author_sort | Tedesco, Gianni |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. The key idea presented is to combine a token bucket filter with a realtime correlation algorithm. The proposed algorithm throttles alert output from the IDS when an attack is detected. The attack graph used in the correlation algorithm is used to make sure that alerts crucial to forming strategies are not discarded by throttling. |
| first_indexed | 2025-11-14T18:12:04Z |
| format | Conference or Workshop Item |
| id | nottingham-379 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-14T18:12:04Z |
| publishDate | 2005 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-3792021-05-31T14:47:47Z https://eprints.nottingham.ac.uk/379/ Strategic Alert Throttling for Intrusion Detection Systems Tedesco, Gianni Aickelin, Uwe Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an extent that the resources required to successfully mount the attack become prohibitive. The key idea presented is to combine a token bucket filter with a realtime correlation algorithm. The proposed algorithm throttles alert output from the IDS when an attack is detected. The attack graph used in the correlation algorithm is used to make sure that alerts crucial to forming strategies are not discarded by throttling. 2005 Conference or Workshop Item PeerReviewed application/pdf en https://eprints.nottingham.ac.uk/379/1/05wseas_alert_correlation.pdf Tedesco, Gianni and Aickelin, Uwe (2005) Strategic Alert Throttling for Intrusion Detection Systems. In: 4th WSEAS International Conference on Information Security, 2005, Tenerife, Spain. |
| spellingShingle | Tedesco, Gianni Aickelin, Uwe Strategic Alert Throttling for Intrusion Detection Systems |
| title | Strategic Alert Throttling for Intrusion Detection Systems |
| title_full | Strategic Alert Throttling for Intrusion Detection Systems |
| title_fullStr | Strategic Alert Throttling for Intrusion Detection Systems |
| title_full_unstemmed | Strategic Alert Throttling for Intrusion Detection Systems |
| title_short | Strategic Alert Throttling for Intrusion Detection Systems |
| title_sort | strategic alert throttling for intrusion detection systems |
| url | https://eprints.nottingham.ac.uk/379/ |