This paper presents the first wide-scale study of correlated attacks, i.e., attacks mounted by the same source IP against different networks. Using a large dataset from 1700 intrusion detection systems (IDSs), we show that correlated attacks are prevalent in the current Internet; 20 % of all offending sources mount correlated attacks and they account for more than 40 % of all the IDS alerts in our logs. We also reveal important characteristics of these attacks. Correlated attacks appear at different networks within a few minutes of each other, indicating the difficulty of warding off these attacks by occasional offline exchange of lists of malicious IP addresses. Furthermore, correlated attacks are highly targeted. The 1700 IDSs can be divi...
Attacks to information systems are becoming more sophisticated and traditional algorithms supporting ...
Network intrusion detection sensors are usually built around low level models of network traffic. Th...
Intrusion detection is an important part of networked systems security protection. Although commercia...
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer S...
In this paper we analyze the coordinated port scan attack where a single adversary coordinates a Gro...
Generally, the intruder must perform several actions, organized in an intrusio...
The rapidly increasing array of Internet-scale threats is a pressing problem for every organization ...
Network monitoring systems generate a high number of alerts reporting on anomalies and suspicious ac...
Complementary security systems are widely deployed in networks to protect digital assets. Alert corr...
Cyber attacks are becoming increasingly complex, especially when the target is a modern IT infrastru...
Cyber-attacks have nowadays become more frightening than ever before. The growing dependency of our ...
The impact of computer networks on modern society cannot be estimated. Arguably, computer networks a...
Intrusion detection systems (IDS) perform an important role in the provision of network security, pr...
Over the past decade Intrusion Detection Systems (IDS) have been steadily improving their efficiency...