Rule Generation for TCP SYN Flood attack in SIEM Environment
2017; Elsevier BV; Volume: 115; Linguagem: Inglês
10.1016/j.procs.2017.09.117
ISSN1877-0509
AutoresM. Siva Niranjan Raja, A. R. Vasudevan,
Tópico(s)Network Packet Processing and Optimization
ResumoSecurity Information and Event Management (SIEM) is a combination of Security Information Management and Security Event Management. SIEM helps in the collection of events from heterogeneous devices and ordering into Common Event Format. The events collected are correlated and observed for changes in the system behaviour. Homogeneous Events such as DoS/Probe attacks can be detected by monitoring single event source. In this paper, TCP SYN flood attack is considered. RETE algorithm is applied on the network event attributes to formulate the rules and stored in database. An alert is triggered, when the rule for TCP SYN attack is matched.
Referência(s)