Technical Reports

HPL-2012-204

Examining Intrusion Prevention System Events from Worldwide Networks

Sundaramurthy, Sathya Chandran; Bhatt, Sandeep; Eisenbarth, Marc
HP Laboratories

HPL-2012-204

Keyword(s): Big data analysis; HP TippingPoint; Intrusion Prevention System; Threat analysis

Abstract: We report preliminary results on analyzing a large dataset of over 35 billion alerts recorded over a 5 year period by Hewlett-Packard (HP) TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. This dataset provides a rich view into the nature of attacks, both external and internal, across diverse networks. This paper presents our initial findings. For example, (i) while most customers are among the early victims of only a handful of attacks, a few customers are early victims of a large number of attacks, (ii) vendor vulnerability disclosures sometimes lead to a surge in exploit attempts, and (iii) even after a decade, some worms such as Slammer show very significant spikes in their activity and infection rates.

8 Pages

External Posting Date: September 6, 2012 [Abstract Only]. Approved for External Publication - External Copyright Consideration
Internal Posting Date: September 6, 2012 [Fulltext]

Back to Index