Profile and Threshold Based Procedures for Accurate Detection of DDoS Attacks

The authors describe Bro, a stand-alone system for detecting network intruders in real time by passively monitoring a network link over which the intruder's traffic transits. They give an overview of the system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility. To achieve these ends, Bro is divided into an "event engine" that reduces a kernel-filtered network traffic stream into a series of higher-level events and a "policy script interpreter" that interprets event handlers written in a specialized language used to express a site's security policy.

Provided by: International Journal of Communications and Engineering
Topic: Security
Date Added: Nov 2012
Format: PDF
