Correlation and Tracking of Distributed IDS

Presented at DEF CON 10 (2002), Aug. 2, 2002, 1 p.m. (50 minutes).

Standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. However, it is not the attack but rather the attacker against which our networks must be defended. To do this, the information that is being provided by intrusion detection systems (IDS) must be gathered and then divided into its component parts such that the activity of individual attackers is made clear. By applying techniques from radar tracking, information warfare, and multisensor data fusion to info gathered from distributed IDS, we hope to improve the capabilities for early detection of distributed/coordinated attacks against infrastructure and the detection of the preliminary phases of distributed denial of service attacks.


Presenters:

  • Daniel Burroughs - Institute for Security Technology Studies, Dartmouth College
    Daniel Burroughs is a research engineer and Ph.D. candidate at the Institute for Security Technology Studies at Dartmouth College. His areas of research have included mobile agents, distributed simulation, and distributed intrusion detection. He is also the head of engineering for SignalQuest, Inc., which specializes in the development of embedded sensors.
