HPL-2012-204Examining Intrusion Prevention System Events from Worldwide Networks
Sundaramurthy, Sathya Chandran; Bhatt, Sandeep; Eisenbarth, Marc
Keyword(s): Big data analysis; HP TippingPoint; Intrusion Prevention System; Threat analysis
Abstract: We report preliminary results on analyzing a large dataset of over 35 billion alerts recorded over a 5 year period by Hewlett-Packard (HP) TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. This dataset provides a rich view into the nature of attacks, both external and internal, across diverse networks. This paper presents our initial findings. For example, (i) while most customers are among the early victims of only a handful of attacks, a few customers are early victims of a large number of attacks, (ii) vendor vulnerability disclosures sometimes lead to a surge in exploit attempts, and (iii) even after a decade, some worms such as Slammer show very significant spikes in their activity and infection rates.
External Posting Date: September 6, 2012 [Abstract Only]. Approved for External Publication - External Copyright Consideration
Internal Posting Date: September 6, 2012 [Fulltext]