Authors
Rida Khatoun, Guillaume Doyen, Dominique Gaïti, Radwane Saad, Ahmed Serhrouchni
Title
Decentralized Alerts Correlation Approach for DDoS Intrusion Detection
In
The Second International Conference on New Technologies, Mobility and Security (NTMS), 5-7 November, 2008, Tangier, Morocco.
Pages
1–5
Publisher
IEEE Conference Publications
Year
2008
Publisher's URL
http://dx.doi.org/10.1109/NTMS.2008.ECP.36
Abstract
Availability is one of the main characteristics of Internet security and hence attacks against networks increase trying to stop services on servers. Distributed denial of service attacks are very dangerous for computer networks and services availability. Various defense systems were proposed. Unfortunately, until now, there is no efficient solution. This paper presents a decentralized architecture for an intrusion detection approach. The central point of this paper is the alert correlation among Snort intrusion detection systems (IDS). We believe that this approach optimizes the detection performance in a completely distributed fashion by relying on the Pastry overlay network as an indexing and routing protocol. We propose a novel approach that will be improved in future work.