Examining Intrusion Prevention System events from worldwide networks

Sathya Chandran Sundaramurthy, Sandeep Bhatt, Marc R. Eisenbarth

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

We report preliminary results on analyzing a large dataset of over 35 billion alerts recorded over a 5 year period by Hewlett-Packard (HP) TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. This dataset provides a rich view into the nature of attacks, both external and internal, across diverse networks. This paper presents our initial findings. For example, (i) while most customers are among the early victims of only a handful of attacks, a few customers are early victims of a large number of attacks, (ii) vendor vulnerability disclosures sometimes lead to a surge in exploit attempts, and (iii) even after a decade, some worms such as Slammer show very significant spikes in their activity and infection rates.

Original language: English (US)
Title of host publication: BADGERS'12 - Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Pages: 5-12
Number of pages: 8
DOIs: https://doi.org/10.1145/2382416.2382422
State: Published - Nov 26 2012
Externally published: Yes
Event: 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012 - Raleigh, NC, United States
Duration: Oct 15 2012 → Oct 15 2012

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security

Other

Other: 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2012
Country: United States
City: Raleigh, NC
Period: 10/15/12 → 10/15/12

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Cite this

Sundaramurthy, S. C., Bhatt, S., & Eisenbarth, M. R. (2012). Examining Intrusion Prevention System events from worldwide networks. In BADGERS'12 - Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (pp. 5-12). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2382416.2382422
@inproceedings{79b888f6e31a40759a83d97422082a67,
title = "Examining Intrusion Prevention System events from worldwide networks",
abstract = "We report preliminary results on analyzing a large dataset of over 35 billion alerts recorded over a 5 year period by Hewlett-Packard (HP) TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. This dataset provides a rich view into the nature of attacks, both external and internal, across diverse networks. This paper presents our initial findings. For example, (i) while most customers are among the early victims of only a handful of attacks, a few customers are early victims of a large number of attacks, (ii) vendor vulnerability disclosures sometimes lead to a surge in exploit attempts, and (iii) even after a decade, some worms such as Slammer show very significant spikes in their activity and infection rates.",
author = "Sundaramurthy, {Sathya Chandran} and Sandeep Bhatt and Eisenbarth, {Marc R.}",
year = "2012",
month = "11",
day = "26",
doi = "https://doi.org/10.1145/2382416.2382422",
language = "English (US)",
isbn = "9781450316613",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
pages = "5--12",
booktitle = "BADGERS'12 - Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security",

}
