IMC 2004 (ACM)

On scalable attack detection in the network

Current intrusion detection and prevention systems seek to detect a wide class of network intrusions (e.g., DoS attacks, worms, port scans) at network vantage points. Unfortunately, all the IDS systems we know of keep per-connection or per-flow state. Thus it is hardly surprising that IDS systems (other than signature detection mechanisms) have not scaled to multi-gigabit speeds. By contrast, both router lookups and fair queuing have scaled to high speeds by using aggregation, via prefix lookups or DiffServ respectively. In this paper we therefore initiate research into whether one can detect attacks without keeping per-flow state. We show that such aggregation, while making fast implementations possible, immediately causes two problems. First, aggregation can cause behavioral aliasing, where, for example, good behaviors can aggregate to look like bad behaviors. Second, aggregated schemes are susceptible to spoofing, by which the intruder sends attacks that have appropr...
Ramana Rao Kompella, Sumeet Singh, George Varghese
Added: 30 Jun 2010
Updated: 30 Jun 2010
Type: Conference
Year: 2004
Where: IMC
Authors: Ramana Rao Kompella, Sumeet Singh, George Varghese