It is well known that intrusion detection systems can make smarter decisions if the context of the traffic being observed is known. This paper examines whether an attack detection system, looking at traffic as it arrives at gateways or firewalls, can make smarter decisions if the context of attack patterns across a class of IP addresses is known. A system that detects and forestalls the continuation of both fast attacks and slow attacks across several IP addresses is described and the development of heuristics both to ban activity from hostile IP addresses and then lift these bans is illustrated. The system not only facilitates detection of methodical multiple gateway attacks, but also acts to defeat the attack before penetration can occur.
Publication title: International Journal of Computer Science and Network Security
Volume: 8
Issue: No. 1, January 2008
Pagination: EJ
ISSN: 1738-7906
Department/School: School of Information and Communication Technology
Publisher: International Journal of Computer Science and Network Security (IJCSNS)
Place of publication: Korea, Republic of
Rights statement: Copyright 2008 International Journal of Computer Science and Network Security
Repository status: Restricted
Socio-economic objectives: Communication technologies, systems and services not elsewhere classified