Decentralized alerts correlation approach for DDoS intrusion detection

Rida Khatoun; Guillaume Doyen; Dominique Gaïti; Radwane Saad; Ahmed Serhrouchni

doi:10.1109/NTMS.2008.ECP.36

Decentralized alerts correlation approach for DDoS intrusion detection

Rida Khatoun, Guillaume Doyen, Dominique Gaïti, Radwane Saad, Ahmed Serhrouchni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Availability is one of the main characteristics of internet security and hence attacks against networks increase trying to stop services on servers. Distributed denial of service attacks are very dangerous for computer networks and services availability. Various defense systems were proposed. Unfortunately, until now, there is no efficient solution. This paper presents a decentralized architecture for an intrusion detection approach. The central point of this paper is the alert correlation among Snort intrusion detection systems (IDS). We believe that this approach optimizes the detection performance in a completely distributed fashion by relying on Pastry overlay network as indexing and routing protocol. We propose novel approach that will be improved in the future work.

Original language	English
Title of host publication	Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008
DOIs	https://doi.org/10.1109/NTMS.2008.ECP.36
Publication status	Published - 1 Dec 2008
Externally published	Yes
Event	New Technologies, Mobility and Security Conference and Workshops, NTMS 2008 - Tangier, Morocco Duration: 5 Nov 2008 → 7 Nov 2008

Publication series

Name	Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

Conference

Conference	New Technologies, Mobility and Security Conference and Workshops, NTMS 2008
Country/Territory	Morocco
City	Tangier
Period	5/11/08 → 7/11/08

Access to Document

10.1109/NTMS.2008.ECP.36

Cite this

Khatoun, R., Doyen, G., Gaïti, D., Saad, R., & Serhrouchni, A. (2008). Decentralized alerts correlation approach for DDoS intrusion detection. In Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008 Article 4689090 (Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008). https://doi.org/10.1109/NTMS.2008.ECP.36

@inproceedings{edea9dd17d1d442d98bafe43a5cdf45d,

title = "Decentralized alerts correlation approach for DDoS intrusion detection",

abstract = "Availability is one of the main characteristics of internet security and hence attacks against networks increase trying to stop services on servers. Distributed denial of service attacks are very dangerous for computer networks and services availability. Various defense systems were proposed. Unfortunately, until now, there is no efficient solution. This paper presents a decentralized architecture for an intrusion detection approach. The central point of this paper is the alert correlation among Snort intrusion detection systems (IDS). We believe that this approach optimizes the detection performance in a completely distributed fashion by relying on Pastry overlay network as indexing and routing protocol. We propose novel approach that will be improved in the future work.",

author = "Rida Khatoun and Guillaume Doyen and Dominique Ga{\"i}ti and Radwane Saad and Ahmed Serhrouchni",

year = "2008",

month = dec,

day = "1",

doi = "10.1109/NTMS.2008.ECP.36",

language = "English",

isbn = "9782953244304",

series = "Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008",

booktitle = "Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008",

note = "New Technologies, Mobility and Security Conference and Workshops, NTMS 2008 ; Conference date: 05-11-2008 Through 07-11-2008",

}

Khatoun, R, Doyen, G, Gaïti, D, Saad, R & Serhrouchni, A 2008, Decentralized alerts correlation approach for DDoS intrusion detection. in Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008., 4689090, Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008, New Technologies, Mobility and Security Conference and Workshops, NTMS 2008, Tangier, Morocco, 5/11/08. https://doi.org/10.1109/NTMS.2008.ECP.36

Decentralized alerts correlation approach for DDoS intrusion detection. / Khatoun, Rida; Doyen, Guillaume; Gaïti, Dominique et al.
Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008. 2008. 4689090 (Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Decentralized alerts correlation approach for DDoS intrusion detection

AU - Khatoun, Rida

AU - Doyen, Guillaume

AU - Gaïti, Dominique

AU - Saad, Radwane

AU - Serhrouchni, Ahmed

PY - 2008/12/1

Y1 - 2008/12/1

N2 - Availability is one of the main characteristics of internet security and hence attacks against networks increase trying to stop services on servers. Distributed denial of service attacks are very dangerous for computer networks and services availability. Various defense systems were proposed. Unfortunately, until now, there is no efficient solution. This paper presents a decentralized architecture for an intrusion detection approach. The central point of this paper is the alert correlation among Snort intrusion detection systems (IDS). We believe that this approach optimizes the detection performance in a completely distributed fashion by relying on Pastry overlay network as indexing and routing protocol. We propose novel approach that will be improved in the future work.

AB - Availability is one of the main characteristics of internet security and hence attacks against networks increase trying to stop services on servers. Distributed denial of service attacks are very dangerous for computer networks and services availability. Various defense systems were proposed. Unfortunately, until now, there is no efficient solution. This paper presents a decentralized architecture for an intrusion detection approach. The central point of this paper is the alert correlation among Snort intrusion detection systems (IDS). We believe that this approach optimizes the detection performance in a completely distributed fashion by relying on Pastry overlay network as indexing and routing protocol. We propose novel approach that will be improved in the future work.

U2 - 10.1109/NTMS.2008.ECP.36

DO - 10.1109/NTMS.2008.ECP.36

M3 - Conference contribution

AN - SCOPUS:58049155483

SN - 9782953244304

T3 - Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

BT - Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

T2 - New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

Y2 - 5 November 2008 through 7 November 2008

ER -

Decentralized alerts correlation approach for DDoS intrusion detection

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this