On the limits of payload-oblivious network attack detection


Abstract

We introduce a methodology for evaluating network intrusion detection systems using an observable attack space, which is a parameterized representation of a type of attack that can be observed in a particular type of log data. Using the observable attack space for log data that does not include payload (e.g., NetFlow data), we evaluate the effectiveness of five proposed detectors for bot harvesting and scanning attacks, in terms of their ability (even when used in conjunction) to deter the attacker from reaching his goals. We demonstrate the ranges of attack parameter values that would avoid detection, or rather that would require an inordinately high number of false alarms in order to detect them consistently. © 2008 Springer-Verlag Berlin Heidelberg.
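To make the abstract's idea concrete, the following is an added toy example (not code from the paper, and not one of its five detectors): a NetFlow-like log with no payload, a horizontal-scan attack parameterised by the number of distinct destinations the scanner touches per window, and a hypothetical fan-out-threshold detector. The benign fan-out distribution, the attacker address `10.0.0.99` and the `192.168.1.x` source addresses are all constructed for the example. Sweeping the attacker's rate against the threshold the defender can afford for a given false-alarm budget shows which part of the attack space goes undetected.

```python
"""Toy 'observable attack space' evaluation of a payload-oblivious scan detector.

Constructed example: the log is a list of (src, dst, dport) flow records with no
payload. The attack type is horizontal scanning, parameterised by the number of
distinct destinations the scanner touches per window ('rate'). The detector is a
simple fan-out threshold (hypothetical; not one of the paper's detectors).
"""
from collections import defaultdict

# Constructed benign behaviour: distinct destinations contacted per window by
# each of 20 benign sources (a few chatty hosts give the heavy tail).
BENIGN_FANOUTS = [1, 1, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 5, 5, 6, 6, 8, 10, 15, 30]
ATTACKER = "10.0.0.99"  # hypothetical scanner address


def make_flows(benign_fanouts=BENIGN_FANOUTS, attacker_rate=0):
    """Build one window of payload-free flow records (src, dst, dport).

    Benign source i contacts benign_fanouts[i] distinct hosts on 443; the
    attacker probes `attacker_rate` distinct hosts on 445. Byte and packet
    counts are omitted because this detector never looks at them.
    """
    flows = []
    for i, fanout in enumerate(benign_fanouts):
        src = f"192.168.1.{i + 1}"
        for j in range(fanout):
            flows.append((src, f"10.1.{i}.{j + 1}", 443))
    for j in range(attacker_rate):
        flows.append((ATTACKER, f"10.2.0.{j + 1}", 445))
    return flows


def distinct_dst_counts(flows):
    """Detector feature: number of distinct destinations per source."""
    dsts = defaultdict(set)
    for src, dst, _port in flows:
        dsts[src].add(dst)
    return {src: len(s) for src, s in dsts.items()}


def flagged_sources(flows, threshold):
    """Sources whose fan-out reaches the threshold are reported as scanners."""
    return {src for src, n in distinct_dst_counts(flows).items() if n >= threshold}


def min_threshold_for_budget(benign_fanouts, max_false_alarms):
    """Smallest threshold that flags at most max_false_alarms benign sources."""
    t = 1
    while sum(1 for n in benign_fanouts if n >= t) > max_false_alarms:
        t += 1
    return t


def false_alarm_rate_to_detect(benign_fanouts, rate):
    """Fraction of benign sources flagged when the threshold is lowered to `rate`,
    the highest threshold that still catches a scanner touching `rate` hosts."""
    return sum(1 for n in benign_fanouts if n >= rate) / len(benign_fanouts)


def evading_rates(benign_fanouts, max_false_alarms, max_rate=40):
    """Part of the attack space (rates 1..max_rate) that is never flagged once the
    threshold is tuned to the false-alarm budget."""
    t = min_threshold_for_budget(benign_fanouts, max_false_alarms)
    return [r for r in range(1, max_rate + 1) if r < t]


if __name__ == "__main__":
    for budget in (0, 1, 3):
        t = min_threshold_for_budget(BENIGN_FANOUTS, budget)
        print(f"budget={budget} benign false alarms -> threshold {t}, "
              f"scanner evades at rates 1..{t - 1}")
    fa = false_alarm_rate_to_detect(BENIGN_FANOUTS, 5)
    print(f"catching a rate-5 scanner flags {fa:.0%} of benign sources")
```

With zero tolerated false alarms the threshold must sit above the chattiest benign host, so every scan slower than that host's fan-out is invisible to this detector; forcing detection of a slow scanner instead flags a large share of benign sources. That trade-off, computed over a parameterised attack rather than a fixed trace, is the kind of result the abstract describes.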

Cite (APA)

Collins, M. P., & Reiter, M. K. (2008). On the limits of payload-oblivious network attack detection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5230 LNCS, pp. 251–270). https://doi.org/10.1007/978-3-540-87403-4_14
