TY - GEN
T1 - Examining Intrusion Prevention System events from worldwide networks
AU - Sundaramurthy, Sathya Chandran
AU - Bhatt, Sandeep
AU - Eisenbarth, Marc R.
PY - 2012
Y1 - 2012
N2 - We report preliminary results on analyzing a large dataset of over 35 billion alerts recorded over a 5-year period by Hewlett-Packard (HP) TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. This dataset provides a rich view into the nature of attacks, both external and internal, across diverse networks. This paper presents our initial findings. For example, (i) while most customers are among the early victims of only a handful of attacks, a few customers are early victims of a large number of attacks, (ii) vendor vulnerability disclosures sometimes lead to a surge in exploit attempts, and (iii) even after a decade, some worms such as Slammer show very significant spikes in their activity and infection rates.
KW - Big data analysis
KW - HP TippingPoint
KW - Intrusion Prevention System
KW - Threat analysis
UR - http://www.scopus.com/inward/record.url?scp=84869422450&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84869422450&partnerID=8YFLogxK
U2 - 10.1145/2382416.2382422
DO - 10.1145/2382416.2382422
M3 - Conference contribution
AN - SCOPUS:84869422450
SN - 9781450316613
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 5
EP - 12
BT - BADGERS'12 - Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
T2 - 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012
Y2 - 15 October 2012 through 15 October 2012
ER -