Lightweight Detection of DoS Attacks

10 years 1 months ago
Lightweight Detection of DoS Attacks
Denial of Service (DoS) attacks have continued to evolve and they impact the availability of Internet infrastructure. Many researchers in the field of network security and system survivability have been developing mechanisms to detect DoS attacks. By doing so they hope to maximize accurate detections (true-positive) and minimize nonjustified detections (false-positive). This research proposes a lightweight method to identify DoS attacks by analyzing host behavior. Our method is based on the concept of BLINd Classification or BLINC: no access to packet payload, no knowledge of port numbers, and no additional information other than what current flow collectors provide. Rather than using pre-defined signatures or rules as in typical Intrusion Detection Systems, BLINC maps packets into graphlets of each attack pattern. In this work we create six types of graphlets for the following DoS attack patterns: TCP SYN flood, UDP flood, ICMP flood, Smurf, port scan, and host scan. The results show...
Sirikarn Pukkawanna, Vasaka Visoottiviseth, Panita
Added 03 Jun 2010
Updated 03 Jun 2010
Type Conference
Year 2007
Where ICON
Authors Sirikarn Pukkawanna, Vasaka Visoottiviseth, Panita Pongpaibool
Comments (0)