Detecting New Patterns of Attacks - Results and Applications of Large Scale Sensoring Networks

It is still not clear, how large scale sensoring networks can be turned into useful ressources of incident response teams. Recent research has shown that the work of incident response teams is clearly exposed to denial of service attacks if the handling of low number / high priority incidents is not separated from the work related to high number / low priority incidents [WK05]. This would imply that handling the magnitude of data coming from large scale sensoring networks will pose concrete operational problems to any incident response team dealing with it. While there are some strategies to mitigate this problem, we believe that only selecting the ’interesting’ events through filtering is not good enough and give away useful insights that are inside the data but not yet obviously visible for an unaware observer. Therefore our research objective is to identify successful strategies of how to extract useful data automatically out of large data sets. So far we have succeeded to improve a suggested algorithm and test it’s application in an operational setting. This paper will outline the algorithm, any improvement made as well as the key insights in it’s application.