Sciweavers

SIGCOMM
2003
ACM

A framework for classifying denial of service attacks

13 years 8 months ago
A framework for classifying denial of service attacks
Launching a denial of service (DoS) attack is trivial, but detection and response is a painfully slow and often a manual process. Automatic classification of attacks as single- or multi-source can help focus response, but current packet-header-based approaches are susceptible to spoofing. This paper introduces a framework for classifying DoS attacks based on header content, ramp-up behavior, and novel techniques based on spectral analysis. Although headers are easily forged, we show that characteristics of ramp-up and the attack spectrum are much more difficult to spoof. To evaluate our framework we monitored access links of a regional ISP over a period of five months, detecting 80 live attacks. Header analysis identified the number of attackers in 67 attacks, while the remaining 13 attacks were classified based on ramp-up and spectral analysis. We validate our results through monitoring at a second site, controlled experiments over the Internet, and simulation. We use experimen...
Alefiya Hussain, John S. Heidemann, Christos Papad
Added 05 Jul 2010
Updated 05 Jul 2010
Type Conference
Year 2003
Where SIGCOMM
Authors Alefiya Hussain, John S. Heidemann, Christos Papadopoulos
Comments (0)