TRAINING NETWORK MANAGERS TO RECOGNISE INTRUSION ATTACKS
Colin Pattinson, Kemal Hajdarevic
2004
Abstract
One of the major challenges facing the e-Business community, and the broader telecommunications network world, is the threat of electronic attack. Of the sub-categories of such attacks, the denial of service attack, in which the intruder’s objective is to prevent legitimate users from accessing some or all of an organisation’s computing resource, regularly creates headlines in the popular press. Whilst significant research effort is being expended on the development of automated tools to recognise such attacks, for many businesses (particularly the small business sector) network management (including security and intrusion detection) is the responsibility of an individual employee (the “network manager”), among whose responsibilities is the observation and monitoring of network behaviour, and who will be expected to monitor data, detect the signs of intrusion, and take action, ideally before the attack has taken effect. Traditionally, this skill has developed through a hands-on process, learning “normal” behaviour, using this knowledge to detect anomalies, undertaking further investigation to determine more details of the cause. This will involve interaction with the “live” network, and the first experience of an attack will be when it actually occurs. This is counter to good training practice, in which a trainee will have had experience of “problem situations” in a controlled environment, and will have the opportunity to develop their responses, review actions and repeat the activity, so that when the situation occurs “for real”, responses are semi-automatic. This paper describes a simulation-based training tool in which student network managers experience the symptoms and effects of a denial of service attack and practice their responses in a controlled environment, with the aim of preparing them more effectively for the time they meet such an attack in reality.
References
- P. Dokas, L. Ertoz, V. Kumar, A. Lazarevic, J. Srivastava, Pang-Ning Tan, (2001) Data Mining for Network Intrusion Detection. Decision Sciences Journal, 32, Number 4 Fall 2001, Decision Sciences Institute http://www.decisionsciences.org/index.html
- H. Donelan, C. Pattinson, D. Palmer-Brown (2004), The analysis of user behaviour of a network management training tool using a neural network. International Conference on Education and Information Systems: Technologies and Applications (EISTA 2004), Orlando, USA, July 21-25 2004.
- C. Pattinson (2000) A simulated network management information base Journal of Network and ComputerApplications 23 April 2000 pp. 93 - 107
- W.R. Stevens (1997) TCP/IP Illustrated Volume 1. Addison Wesley Longman, Reading, MA.
- The Carnegie Mellon University CERT Coordination Center, (1999) 1999- UDP DoS. http://www.cert.org/incident_notes/IN-99-07.html [Accessed 12 October 2003]
- Tkined (2000) is the network management interface provided by scotty
- http://wwwhome.cs.utwente.nl/schoenw/scotty [Accessed 12 February 2004]
- UCLA, 2002 D-WARD Project, UCLA, Computer Science Department. http://lasr.cs.ucla.edu/dward/ [Accessed 12 October 2003]
- University of Minnesota Dept. of Computer Science & Engineering, 2003 Minnesota Intrusion Detection System http://www.cs.umn.edu/research/minds/MINDS.htm [Accessed 12 February 2004]
Paper Citation
in Harvard Style
Pattinson C. and Hajdarevic K. (2004). TRAINING NETWORK MANAGERS TO RECOGNISE INTRUSION ATTACKS . In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 269-274. DOI: 10.5220/0001386202690274
in Bibtex Style
@conference{icete04,
author={Colin Pattinson and Kemal Hajdarevic},
title={TRAINING NETWORK MANAGERS TO RECOGNISE INTRUSION ATTACKS},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,},
year={2004},
pages={269-274},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001386202690274},
isbn={972-8865-15-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,
TI - TRAINING NETWORK MANAGERS TO RECOGNISE INTRUSION ATTACKS
SN - 972-8865-15-5
AU - Pattinson C.
AU - Hajdarevic K.
PY - 2004
SP - 269
EP - 274
DO - 10.5220/0001386202690274