Distributed Intrusion Detection Systems against Worms

Gyimesi, Judit; Fehér, Gábor [Fehér, Gábor (IP networks, IT ...), author] Department of Telecommunications and Media Informatics (BME / VIK); Korn, András [Korn, András (telecommunications), author] Department of Telecommunications and Media Informatics (BME / VIK)

English-language Scientific Unclassified (Other)
Published: pp. 59-61 2005
Distributed Intrusion Detection Systems (DIDS) are proven to be more powerful than isolated ones. They represent a promising technology, providing ways to recognize a great variety of network attacks. Applying them either increases the possibility of successful detection or makes detection possible at all; still, they are not yet widely used. In this paper we outline some areas of network security where the advantages of DIDS are spectacular, such as detecting distributed port scans, outgoing DDoS attacks, and worm infections. Solutions are based on statistical anomaly detection. IDSes are placed at several parts of the network, sharing their observations, thus reducing the number of false judgements, which is one of the greatest problems of IDSes today. We present a mathematical analysis predicting the effectiveness of our algorithm in the case of worm spread. Later, a simulation will demonstrate how the system works.
