Examining Intrusion Prevention System events from worldwide networks

Sathya Chandran Sundaramurthy, Sandeep Bhatt, Marc R. Eisenbarth

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

3 Scopus citations

Abstract

We report preliminary results on analyzing a large dataset of over 35 billion alerts recorded over a 5 year period by Hewlett-Packard (HP) TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. This dataset provides a rich view into the nature of attacks, both external and internal, across diverse networks. This paper presents our initial findings. For example, (i) while most customers are among the early victims of only a handful of attacks, a few customers are early victims of a large number of attacks, (ii) vendor vulnerability disclosures sometimes lead to a surge in exploit attempts, and (iii) even after a decade, some worms such as Slammer show very significant spikes in their activity and infection rates.

Original language: English
Title of host publication: BADGERS'12 - Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Pages: 5-12
Number of pages: 8
DOIs
State: Published - 2012
Event: 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012 - Raleigh, NC, United States
Duration: 15 Oct 2012 to 15 Oct 2012

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012
Country/Territory: United States
City: Raleigh, NC
Period: 15/10/12 to 15/10/12

Keywords

  • Big data analysis
  • HP TippingPoint
  • Intrusion Prevention System
  • Threat analysis
