Wavelet-based Detection of DoS Attacks

Automated detection of anomalies in network traffic is an important and challenging task. In this work we propose an automated system to detect volume-based anomalies in network traffic caused by Denial of Service (DoS) attacks. The system has a two-stage architecture that combines more traditional approaches (Adaptive Threshold and Cumulative Sum) with a novel one based on the Continuous Wavelet Transform. Thanks to the proposed architecture, we obtain good results in terms of the tradeoff between correct detections and false alarms, estimation of anomaly duration, and ability to distinguish between subsequent anomalies. We test our system using a set of publicly available traffic traces onto which we superimpose anomalies related to real DoS attack tools. Extensive test results show how the proposed system accurately detects a wide range of anomalies and how the performance indicators are affected by anomaly characteristics (i.e., amplitude and duration).
Added 11 Jun 2010
Updated 11 Jun 2010
Type Conference
Year 2006
Authors Alberto Dainotti, Antonio Pescapè, Giorgio Ventre