Training Network Managers to Recognise Intrusion Attacks
暂无分享,去创建一个
One of the major challenges facing the e-Business community, and the broader telecommunications network world, is the threat of electronic attack. Of the sub-categories of such attacks, the denial of service attack, in which the intruder’s objective is to prevent legitimate users from accessing some or all of an organisation’s computing resource, regularly creates headlines in the popular press. Whilst significant research effort is being expended on the development of automated tools to recognise such attacks, for many businesses (particularly the small business sector) network management (including security and intrusion detection) is the responsibility of an individual employee (the “network manager”), among whose responsibilities is the observation and monitoring of network behaviour, and who will be expected to monitor data, detect the signs of intrusion, and take action, ideally before the attack has taken effect. Traditionally, this skill has developed through a hands-on process, learning “normal” behaviour, using this knowledge to detect anomalies, undertaking further investigation to determine more details of the cause. This will involve interaction with the “live” network, and the first experience of an attack will be when it actually occurs. This is counter to good training practice, in which a trainee will have had experience of “problem situations” in a controlled environment, and will have the opportunity to develop their responses, review actions and repeat the activity, so that when the situation occurs “for real”, responses are semi-automatic. This paper describes a simulation-based training tool in which student network managers experience the symptoms and effects of a denial of service attack and practice their responses in a controlled environment, with the aim of preparing them more effectively for the time they meet such an attack in reality.
[1] Jaideep Srivastava,et al. Data Mining for Network Intrusion Detection , 2002 .