Publication Type:

Conference Paper

Source:

Procedia Computer Science, Elsevier B.V., Volume 115, p.580-587 (2017)

URL:

https://www.scopus.com/inward/record.uri?eid=2-s2.0-85032450927&doi=10.1016%2fj.procs.2017.09.117&partnerID=40&md5=7ac0683e533e105eae35410fcd525204

Keywords:

Denial-of-service attack, floods, Heterogeneous devices, Homogeneous Event, Information management, Rete algorithm, Rule generation, Security event managements, Security information and event management (SIEM), Security information managements, TCP SYN attack, Transmission control protocol

Abstract:

Security Information and Event Management (SIEM) is a combination of Security Information Management and Security Event Management. SIEM helps in collecting events from heterogeneous devices and normalising them into the Common Event Format. The collected events are correlated and observed for changes in system behaviour. Homogeneous events such as DoS/Probe attacks can be detected by monitoring a single event source. In this paper, the TCP SYN flood attack is considered. The RETE algorithm is applied to the network event attributes to formulate the rules, which are stored in a database. An alert is triggered when the rule for a TCP SYN attack is matched. © 2017 The Author(s).

Notes:

Cited by 0; 7th International Conference on Advances in Computing and Communications, ICACC 2017; Conference Date: 22 August 2017 through 24 August 2017; Conference Code: 131212

Cite this Research Publication

M. S. N. Raja and Vasudevan, A. R., “Rule Generation for TCP SYN Flood attack in SIEM Environment”, in Procedia Computer Science, 2017, vol. 115, pp. 580-587.
