An Efficient and Reliable DDoS Attack Detection Using a Fast Entropy Computation Method
Giseop No and Ilkyeun Ra*
Department of Computer Science and Engineering, University of Colorado Denver, Campus Box 109, 1200 Larimer St., Denver, CO 80204, USA
kafa46@hanmail.net, * ilkyeun.ra@ucdenver.edu

Abstract

The threat of Distributed Denial of Service (DDoS) has become a major issue in network security, and DDoS traffic is difficult to detect because every DDoS packet has normal packet characteristics. Various detection and defense algorithms have been studied. One of them is the entropy-based intrusion detection approach, a powerful and simple way to identify abnormal conditions on network channels. However, the burden of computing information entropy values from heavy flows remains. To reduce the computing time, we developed a DDoS detection scheme using a compression entropy method, which significantly reduces the computation time for calculating information entropy. However, our experiment suggests that the compression entropy approach tends to be too sensitive to verify real network attacks and produces many false negatives. In this paper, we propose a fast entropy scheme that overcomes the false-negative issue without increasing the computational time. Our simulation shows that the fast entropy computing method not only reduced computational time by more than 90% compared to conventional entropy, but also increased detection accuracy compared to the conventional and compression entropy approaches.

I. INTRODUCTION

The main features of the Internet are its open environment and scalability. On one hand, these characteristics have driven the growth of the Internet. On the other hand, vulnerabilities in the network have appeared alongside that growth. The threat of Distributed Denial of Service (DDoS) attacks has now become a major issue in network security.
Launching a DDoS attack has become easier for attackers, while defenders have more difficulty detecting malicious network flows, since the attacker now uses flows of normal packets with spoofed packet information. A burden for defenders is processing all packet information within a limited time, because a DDoS attacker sends a large number of normal-looking packets to a victim. Although good monitoring schemes against DDoS attacks exist, they still need relatively high computational time to distinguish an attack from normal packet flow. Few current studies have focused on reducing the computation resources needed to detect a DDoS attack. This paper concentrates on designing an efficient DDoS attack detection method that both significantly reduces computational time and increases detection accuracy. To reduce computation time, we use the information entropy concept as an attack detection estimator. We introduce two entropy computation approaches: compression entropy, which uses a data compression scheme, and a modified entropy estimator called Fast Entropy. Compression entropy offers greatly reduced computational cost by using a lossless data compression scheme; however, it is too sensitive to detect intrusions effectively. To moderate the sensitivity of compression entropy, we designed Fast Entropy. We find that our Fast Entropy scheme performs better in both speed and accuracy than conventional entropy-based network detection, reducing computational time by nearly 90% compared to a conventional entropy scheme.

This paper is organized as follows. Section II presents related work, including information entropy and network intrusion detection with conventional entropy. The new entropy approaches are introduced in Section III. The DDoS detector design is described in Section IV. Simulation and analysis follow in Section V. Finally, our conclusions are given in Section VI.

II. RELATED WORK

A. Information Entropy

Entropy is a concept introduced by Shannon in 1948 [1]. Entropy is a quantity that measures the uncertainty of a random variable. Let X be a discrete random variable with alphabet χ and probability mass function p(x) = Pr{X = x}, x ∈ χ. The entropy H(X) of a discrete random variable X is defined as

H(X) = -Σ_{x∈χ} p(x) log p(x),   (1)

where 0 log 0 = 0, and H(X) ≥ 0 since 0 ≤ p(x) ≤ 1. Entropy is a concave function of the distribution. The entropy value equals 0 when p = 0 or 1, and the entropy is maximum when p = 1/2. This property can easily be used in network traffic monitoring. If network traffic changes from normal to abnormal status, for example when a DDoS attacker sends a bulk of packets with the same port number to saturate a certain port, the entropy of the port number will decrease. By contrast, under normal conditions, the entropy of the port number will increase. This phenomenon can be applied to various network information such as source IP address, destination IP address, source port, destination port, total number of packets, and even in data clustering schemes.

IEEE, ISCIT 2009, p. 1223

B. DDoS Detection Approaches

Various studies have introduced several detection approaches. First, the Signature Based Approach (SBA) was introduced, based on knowledge of known attack patterns. General SBAs work as follows: 1) find a pattern or signature of an attack, 2) generate attack signatures and save them in a database, and 3) update the attack database when a new attack appears. SBA is efficient because it is easy to implement, and it identifies known attacks with low false negatives. However, SBA has several disadvantages [2]: 1) all systems using SBA must be trained, 2) SBA has potential false negatives because it may not detect even simple variations of attacks (it only detects attack patterns that exactly match the knowledge in the database), 3) SBA produces false negatives if an attack failed or a system was poorly configured, and 4) if the signature is stolen, the detection system no longer works properly. Since a DDoS attack has no attack signature (it simply increases normal packets to saturate network capacity), SBA cannot work efficiently against DDoS attacks. Due to the limitations of SBA, such as human errors, false positives, and false negatives, a safer detection approach, called the Anomaly Based Approach (ABA), has been proposed. It uses distribution analysis, data mining, and statistical approaches. Usually, ABA is considered to have a more complex architecture. In fact, ABA needs to consult every pattern of incoming traffic, which means a greater workload to maintain a relatively high security level. Distribution-based approaches use a distribution of traffic information; Base Distribution and Inverse Distribution have been used in network intrusion detection [3, 4].
In the case of statistical anomaly-based approaches, the GAIA sensor (a local DDoS sensor based on statistical analysis of the traffic), which uses modeling, mediation, detection, and alert generation components, is used in an early detection scheme [5] based on a statistical quantity. Using the chi-square statistic, the researchers in [6] presented a DDoS attack detection algorithm. However, these approaches still need computational power to calculate the estimation statistic. Therefore, distribution-based and statistical approaches are not sufficient, since they require a large number of computations to yield statistics or the distribution of network flow.

Entropy-based approaches to DDoS detection have been introduced and have turned out to be powerful network intrusion detection schemes. Entropy-based approaches have significant benefits in intrusion detection [7]: 1) the use of entropy can increase the sensitivity of detection to uncover anomalous incidents, 2) the use of such traffic features provides additional diagnostic information about the nature of the anomalous incidents, and 3) the entropy of traffic feature distributions offers useful information to measure distance among traffic groups (clusters). Even though entropy has several advantages, it still needs an efficient algorithm to reduce computational time and memory usage in a high-speed network. As shown in (1), to calculate the entropy of a packet stream, the algorithm must have the probability p_i, i.e. the frequency of x_i among the arrived packets. We need to store every packet in a packet repository with its counter. Therefore, for every arriving packet we must search whether that packet is already stored in the repository.

III. NEW ENTROPY APPROACHES

A. Compression Entropy

To reduce the computational time of the entropy estimator, we investigated several approaches and learned that data compression could be an efficient way of reducing computation time. We studied how to use a compression scheme to get faster entropy computation by using linear regression to analyze the relation between original source entropy and compressed entropy for worm detection [8]. However, the relation obtained from linear regression does not guarantee a concrete relation, which means that it has a potential error factor. Ratko Tomic introduced a Fast, Optimal Entropy Coder (FOEC) using a combinatorial scheme in data compression [9]. We find that the information entropy can be generated as a by-product of the FOEC process. We introduce a way to calculate entropy values based on Tomic's lossless data compression method. In this section, we discuss the general procedure of Tomic's method, and then show how to use these values in a DDoS detection approach with a heap structure.

Packet information (source/destination IP address, source/destination port number) can be represented as a binary string (0s and 1s). Also, the information is nothing but distinct bits (0s and 1s). If we use an indexing lattice path of the given source string, we can compute the entropy with only the number of 1s counted [9]:

I_n(b_1 b_2 … b_n) = , where 0 ≤ n_1 < n_2 < … < n_k < n   (2)

b_i : i-th binary element
n : total number of b_i
k : the number of 1s in S_n
{n_j} : a subsequence of the sequence {i − 1}, retaining only those values of (i − 1) for which b_i = 1; in words, n_j is a zero-based bit index which picks out only the 1s from the input string S_n.

The size (in bits) of the path index I_n with k ones is log(N(n − k, k)) = log(C(n, k)), where the binomial coefficient C(n, k) is the path count for n-bit strings with k ones.
Applying the Stirling approximation to the factorials in C(n, k), the path index size log(C(n, k)), which is the compression entropy, becomes:

log(C(n, k)) ≈ n[p log(1/p) + q log(1/q)] − (1/2) log(2π n p q),

where the probabilities are p(1) ≡ p = k/n and p(0) ≡ q = (n − k)/n.

We can use the idea of the Multi Alphabet Source scheme from FOEC [9]. As shown in equation (2), the entropy of a binary source can be computed from the count of 1s. Let a sequence of n symbols S_n take values from an alphabet A_q = {a_1, a_2, …, a_q}, and let k_1, k_2, …, k_q be a list of q counts (each count k_i counting the corresponding symbol a_i) adding up to n:

k_1 + k_2 + … + k_q = n   (3)

The number of different arrangements of these n symbols with the given symbol counts k_i satisfying (3) is the multinomial coefficient:

N(n, k_1, k_2, …, k_q) = n! / (k_1! k_2! … k_q!) = C(k_1 + … + k_q, k_q) · C(k_1 + … + k_{q−1}, k_{q−1}) · … · C(k_1, k_1)   (4)

If we take the log of both sides, we get the entropy of the sequence over the alphabet:

Entropy(A_q) = log N(n, k_1, …, k_q) = log C(k_1 + … + k_q, k_q) + log C(k_1 + … + k_{q−1}, k_{q−1}) + … + log C(k_1, k_1)   (5)

With this entropy value from FOEC, we can interpret the lossless compression entropy term by term, from the first term of (5), log C(n, k_q), to the last term, log C(k_1, k_1):

1st term: C(k_1 + … + k_q, k_q) = C(n, k_q), by (3)
2nd term: C(k_1 + … + k_{q−1}, k_{q−1}) = C(n − k_q, k_{q−1})
3rd term: C(k_1 + … + k_{q−2}, k_{q−2}) = C(n − k_q − k_{q−1}, k_{q−2})
…
(q−1)-th term: C(k_1 + k_2, k_1) = C(n − k_q − … − k_3, k_1)
q-th term: C(k_1, k_1) = C(n − k_q − … − k_2, k_1) = 1

Since in every i-th term the number of objects from which we can choose (let this number be n_i) is reduced by the count consumed in the preceding term, n_i keeps decreasing. The number of identical packet information values (for example, an address or a port number) corresponds to k_i in equation (4). For instance, if we insert all arrived source IP addresses into a heap, we can pop elements until the popped value differs from the previous one. If we count those packets and define this number as k_i, we can calculate the entropy value at each step (the i-th term). This is very similar to heap sort. Also, k_i corresponds to the number of 1s in the binary stream at the i-th stage. We obtain the total entropy by adding up the entropies from all steps.

B. Fast Entropy

Entropy, H, is a quantity of disorder. If the disorder (the number of types of symbols) increases, H must increase; otherwise, H must decrease. Therefore, we can simplify the expression of entropy as follows: H = log(the number of possible states within the input information) = , where p_i is the probability of the i-th symbol's occurrence among all observed symbols. One idea to reduce the consumption of computational resources in calculating information entropy is to use only the number of different types of symbols, without computing probabilities. Thus, we can redefine the entropy as H = log(the number of possible system states). But this new definition of entropy has one problem: it does not reflect the total number of symbols. Usually, an attacker significantly increases the number of different symbols (packets) to paralyze a victim's system by saturating its capacity during a DDoS attack. As a result, we need to add one more criterion: the total number of symbols. Now, we define entropy as H = , where m is the number of distinct packets and n is the total number of packets in an input. However, this new entropy could still increase false positives, which are very critical in monitoring systems. For instance, if an attacker increases the number of packets, he/she may also increase the number of packet types simultaneously. In that case, the ratio will not change noticeably, and the entropy value will stay almost the same, which makes the algorithm miss attacks. To overcome this issue, we propose an entropy calibration factor that increases sensitivity to increasing packet numbers. The proposed entropy calibration is presented as follows. Let n_i be the total number of packets in monitoring interval t_i. We now monitor two variables, n_{i−1} and n_i, which are adjacent values in the monitoring time series.
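The compression entropy of Section III.A above, as an added example that is not part of the paper or its C implementation: conventional entropy per eq. (1), the term-by-term multinomial sum of eq. (5) computed with the heap procedure, and the Stirling closed form for a binary string. The port lists are constructed sample traffic and the function names are this example's own.

```python
import heapq
import math
from collections import Counter
from math import lgamma


def conventional_entropy(symbols):
    """Eq. (1): H(X) = -sum_x p(x) log2 p(x), with p(x) the observed frequency
    of symbol x. Needs a counter per distinct symbol (the repository the paper
    describes) before any logarithm can be taken."""
    n = len(symbols)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(symbols).values())


def log2_binomial(n, k):
    """log2 C(n, k) via log-gamma, so large n does not overflow."""
    if k < 0 or k > n:
        return float("-inf")
    return (lgamma(n + 1) - lgamma(k + 1) - lgamma(n - k + 1)) / math.log(2)


def compression_entropy(symbols):
    """Eq. (5): log2 of the multinomial coefficient N(n, k_1, ..., k_q), built up
    term by term as log2 C(n_i, k_i), where n_i is the number of symbols not yet
    consumed. Symbols are pushed into a heap and popped in sorted order, so each
    run of equal values yields one count k_i (the heap-sort-like procedure of
    Section III.A)."""
    heap = list(symbols)
    heapq.heapify(heap)
    remaining = len(heap)
    total_bits = 0.0
    while heap:
        current = heapq.heappop(heap)
        k = 1
        while heap and heap[0] == current:
            heapq.heappop(heap)
            k += 1
        total_bits += log2_binomial(remaining, k)  # i-th term of (5)
        remaining -= k                              # n_i shrinks by k_i
    return total_bits


def stirling_compression_entropy(n, k):
    """Binary-source closed form from Section III.A:
    log2 C(n, k) ~ n[p log(1/p) + q log(1/q)] - (1/2) log(2 pi n p q),
    with p = k/n the fraction of 1s and q = 1 - p. Exactly zero when the
    string is all 0s or all 1s (C(n, 0) = C(n, n) = 1)."""
    if k == 0 or k == n:
        return 0.0
    p = k / n
    q = 1.0 - p
    return (n * (p * math.log2(1 / p) + q * math.log2(1 / q))
            - 0.5 * math.log2(2 * math.pi * n * p * q))


# Constructed traffic: destination ports of 1000 packets. The "normal" mix
# spreads over several services; the "flood" sends everything to one port,
# which is the case where both entropies collapse to zero.
NORMAL_PORTS = [80, 443, 53, 22, 993, 8080, 123, 5222] * 125
FLOOD_PORTS = [80] * 1000


def compare(symbols):
    """Return (conventional H in bits/symbol, compression entropy in bits,
    compression entropy in bits/symbol) for one window of packets."""
    h = conventional_entropy(symbols)
    c = compression_entropy(symbols)
    return h, c, c / len(symbols)


if __name__ == "__main__":
    for name, ports in (("normal", NORMAL_PORTS), ("flood", FLOOD_PORTS)):
        h, c, c_per = compare(ports)
        print(f"{name:7s} H={h:.3f} bits/symbol  log2 N={c:.1f} bits "
              f"({c_per:.3f} bits/symbol)")
    # Binary string with 6 ones out of 16: exact term vs. Stirling closed form.
    print(f"exact log2 C(16,6)={log2_binomial(16, 6):.3f} "
          f"stirling={stirling_compression_entropy(16, 6):.3f}")
```

The per-symbol compression entropy is always at or below the conventional H of the same window, and the gap shrinks as the window grows, which is the relation the paper relies on.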
Let us define the calibration entropy as follows:

H = , where the definition is split into two cases, n_i ≥ n_{i−1} and n_i < n_{i−1}.

In the same fashion, the case n_i < n_{i−1} has the same range. We use a ratio value between 0 and 1, since this is the region in which the logarithm changes most significantly, whatever the base. By taking the absolute value, we can monitor the entropy of the change in the number of packets. Also, we use log base 2, since a significant change of entropy is between 5 and 10 if the network changes abruptly, because a packet number ratio in (0.5, 1] has a similar pattern between 5 and 10. With values lower than 0.5, the logarithmic value drops significantly, thus reflecting remarkable changes in the network traffic flow. If there is no traffic change in terms of packet number, the ratio is 1 and the entropy change is zero (log 1 = 0, no impact on detection).

In order to detect DDoS attacks, we continuously monitor entropy values sequentially in every monitoring interval, over a fixed number of intervals called the window size. Thus, each entropy value is calculated with respect to a fixed moving average window. There are variants of the simple moving average method. We use the simple moving average, since we assume that packet arrival is identically and independently distributed (i.i.d.), memoryless, and a stationary process. Figure 1 shows the concept of attack monitoring with a simple moving average of size k. Assume we monitor the entropy values for m intervals (i.e., a window size of k). If we have a monitoring interval of t seconds, we monitor the entropy value for m·t seconds. In every monitoring interval t, an entropy value is computed. Let τ be the logarithm of the packet number ratio, taking one form if n_i ≥ n_{i−1} and the other if n_i < n_{i−1}. We can write

H = + τ,

where m is the number of distinct packets, n is the total number of packets in an input, and τ is the packet number calibration factor (the same quantity as the calibration entropy H defined above). To acquire only the number of distinct packets, we use a heap structure similar to the one used for the lossless compression entropy.
However, unlike the lossless compression entropy, we need only the insert operation, because we can learn n during the insert operation via the comparison step in the heap. This fact reduces the computational time of fast entropy below that of the lossless compression entropy computation. If we monitor packets every t time units over a time period T, and we also monitor m packets in each t, then the total number of packets over T is n. In other words, the number of packets per interval is m. Thus, the runtime of computing the number of types can be defined as follows:

+ … + = ,

where the average packet number in t can be represented as n·t/T. Now, let t/T be α; then we can simplify the above equation as follows:

= (t/T)· = α log(n · α^{−1}) = α log n − α log α

Therefore, the runtime of fast entropy can be represented as O(α log n − α log α), which is faster than the total runtime of conventional entropy O( ) and of compression entropy O(n log n).

IV. DDOS DETECTOR DESIGN

Let us define the following:

μ_i : i-th average of the Moving Average Window
σ : standard deviation of H_{n−m} ~ H_{n−1} with respect to μ_i
D_i : absolute value of the difference between μ_i and H_n (i.e., D_i = |μ_i − H_n|)
β : threshold multiplication factor, a positive integer (default β = 3)
ω : threshold (ω = β · σ)

Fig. 1. Monitoring Concept with Moving Average

Once μ_i is computed, it is compared with H_n. To detect a traffic pattern change, if D_i exceeds ω, we decide that we are under attack in the current monitoring interval n. Otherwise, the traffic condition is still normal (out of attack). Once a comparison is done, the Moving Average Window moves forward with time (μ_i will start at t_{n−m+1}).

V. SIMULATION AND ANALYSIS

A. Input Data

We wanted to run our simulation program with various datasets from different institutes, but we could not obtain many actual datasets containing DoS/DDoS attacks.
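The packet-number calibration factor of Section III.B and the moving-average detector of Section IV, as an added example rather than the authors' code. The entropy series and packet counts are constructed; the detector takes the per-interval entropy values as its input whichever estimator produced them, and "D_i exceeds ω" is implemented as a strict inequality so that a flat window (σ = 0) does not flag an unchanged value.

```python
import math
import statistics
from collections import deque


def calibration_factor(n_prev, n_cur):
    """Packet-number calibration term τ of Section III.B: take the ratio of
    adjacent interval packet counts so that it lies in (0, 1], take log base 2,
    then the absolute value. No change (ratio 1) gives 0; a four-fold jump or
    drop gives 2 bits."""
    if n_prev <= 0 or n_cur <= 0:
        raise ValueError("packet counts per interval must be positive")
    ratio = min(n_prev, n_cur) / max(n_prev, n_cur)
    return abs(math.log2(ratio))


class MovingAverageDetector:
    """Section IV detector. Keeps the last m entropy values H_{n-m}..H_{n-1};
    μ_i is their mean, σ their standard deviation, ω = β·σ the threshold and
    D_i = |μ_i - H_n| the deviation of the newest value. After each decision
    the window slides one interval forward."""

    def __init__(self, window_size, beta=3):
        if window_size < 2:
            raise ValueError("window needs at least two intervals to give a σ")
        self.window = deque(maxlen=window_size)
        self.beta = beta

    def update(self, h_n):
        """Feed the entropy of the current interval. Returns the decision and
        the quantities behind it; 'attack' is None while the window is still
        filling (no μ_i or σ exists yet)."""
        if len(self.window) < self.window.maxlen:
            self.window.append(h_n)
            return {"attack": None, "d": None, "omega": None}
        mu = statistics.fmean(self.window)
        sigma = statistics.pstdev(self.window)
        omega = self.beta * sigma
        d = abs(mu - h_n)
        # Strict '>' so that a perfectly flat window (ω = 0) does not flag an
        # H_n equal to its own history.
        attack = d > omega
        self.window.append(h_n)          # slide: next μ starts at t_{n-m+1}
        return {"attack": attack, "d": d, "omega": omega}


def detect(entropy_series, window_size, beta=3):
    """Run the detector over a whole series; return indices flagged as attack."""
    det = MovingAverageDetector(window_size, beta)
    flagged = []
    for i, h in enumerate(entropy_series):
        if det.update(h)["attack"]:
            flagged.append(i)
    return flagged


def calibration_series(packet_counts):
    """τ for every interval after the first, from the per-interval packet counts."""
    return [calibration_factor(a, b) for a, b in zip(packet_counts, packet_counts[1:])]


# Constructed per-interval data: packets seen in each interval and the entropy
# value computed for that interval. Normal traffic hovers around 5 bits; the last
# two intervals show the volume jump and entropy collapse a single-port flood
# produces.
PACKETS_PER_INTERVAL = [1000, 1100, 950, 1050, 980, 1020, 1000, 990, 1010, 1000, 8000, 9000]
ENTROPY_SERIES = [5.0, 5.1, 4.9, 5.0, 5.1, 4.9, 5.0, 5.1, 4.9, 5.0, 1.0, 1.2]


if __name__ == "__main__":
    det = MovingAverageDetector(window_size=6, beta=3)
    for i, h in enumerate(ENTROPY_SERIES):
        r = det.update(h)
        if r["attack"] is None:
            status = "warming up"
        else:
            status = f"D={r['d']:.3f} ω={r['omega']:.3f} " + ("ATTACK" if r["attack"] else "normal")
        print(f"interval {i:2d}: H={h:.2f} {status}")
    print("flagged intervals:", detect(ENTROPY_SERIES, 6, 3))
    print("τ per interval:", [round(t, 2) for t in calibration_series(PACKETS_PER_INTERVAL)])
```

Interval 10 is flagged (D ≈ 4.0 against ω ≈ 0.245); interval 11 is not, because the outlier has entered the window and inflated σ, which is the behaviour a fixed β·σ threshold has right after an attack starts.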
We collected four different datasets to verify our proposed method: one normal dataset (University of Colorado Denver BSS Computer Lab traffic) and three different DoS/DDoS datasets (1999 DARPA and two 2000 DARPA datasets). We mixed or interleaved the DoS/DDoS datasets with the normal dataset to see how our proposed algorithm detects attacks. The detailed description of each dataset is as follows:

Normal Data Flow (University Computer Lab): University computer lab traffic made up of normal computer user (student) packets at the Behavioral Science (BSS) Lab of the University of Colorado Denver.

DoS and Port Sweep Attack (1999 DARPA Dataset): We mixed two network flows together. One is the normal data flow from the BSS lab. The other is DoS attack traffic extracted from a DARPA dataset from April (99 DARPA). We precisely separated DoS and Probe attack packets from 99 DARPA, which are 5 DoS attacks and 2 stealthy Probing attacks. We interleaved the 99 DARPA attacks in the BSS lab traffic.

Typical DDoS (Non-Stealthy 2000 DARPA Dataset): The 2000 DARPA dataset (00 DARPA) is a typical dataset of DDoS attack traffic. We can categorize the five attack phases in the 00 DARPA dataset: phase 1 (IP sweeping), phase 2 (probing IPs), phase 3 (penetrating via vulnerability), phase 4 (installing attack software), and phase 5 (launching DDoS).

Stealthy DDoS (Stealthy 2000 DARPA Dataset): The 2000 DARPA Stealthy dataset (00 Stealthy DARPA) is stealthier than the 1999 DARPA dataset but also has 5 attack phases, like the Non-Stealthy 2000 DARPA dataset. We set up only BSS lab traffic for the first 30 minutes; after that we laid down the two mixed datasets (BSS lab dataset and 2000 DARPA Stealthy dataset).

Fig. 2. Conventional Entropy Distribution with Typical DDoS Dataset (Non-Stealthy DARPA 2000)

Fig. 3. Compression Entropy Distribution with Typical DDoS Dataset (Non-Stealthy DARPA 2000)

B. Simulation Procedure

We implemented our proposed algorithm in the C language and ran our detection program many times using all four datasets on a desktop PC running the MS Windows XP operating system. For our simulation, we fixed the moving average window size and ran many simulations with different datasets to find a suitable threshold value (ω).
The threshold value (ω) is another key parameter determining detection accuracy. In this paper, we selected 4σ as the threshold value (ω) and tested our detection program on all datasets. We present the number of packets at every detection point, detection accuracy tables (conventional, compression, and our fast entropy detectors), and adaptive detector performance for the 99 DARPA, 00 DARPA, and 00 stealthy DARPA datasets.

C. Simulation Result Analysis and Evaluation

The simulation results suggest that our Fast Entropy scheme has higher accuracy in the DoS, DDoS, and stealthy DDoS attack cases. Figures 2-4 portray the entropy distributions with a typical DDoS dataset. The compression entropy scheme yields huge entropy values with extreme sensitivity (see Fig. 3).

Fig. 4. Fast Entropy Distribution with Typical DDoS Dataset (Non-Stealthy DARPA 2000)

We simulated the three entropy schemes to evaluate detection accuracy on the three datasets with thresholds between 2σ and 6σ. The result with ω = 4σ is presented in TABLE I. Under the DoS attack, the conventional entropy scheme has the worst performance, with high false negatives in TABLE I, while the Fast Entropy scheme shows the best performance without any false negatives. TABLE I also shows that our Fast Entropy scheme has higher detection accuracy than the conventional entropy and compression schemes against typical and stealthy DDoS attacks. From the simulation over the threshold range (2σ ~ 6σ), our Fast Entropy approach yields strong results across almost the whole range (3σ ~ 5σ) against a typical DDoS attack, since it has both low false positives and relatively low false negatives compared to the conventional and compression entropy schemes.
For the stealthy DDoS input, the compression entropy scheme reflects the network flow changes, since it is very sensitive to changes of the network channel, which was the main fault of the typical DoS/DDoS detector. However, our Fast Entropy scheme shows the main change in phase 5 (the DDoS launching stage), which makes a detector capable of detecting the anomaly. Meanwhile, the conventional entropy scheme does not display any pattern change, which implies poor performance under a stealthy DDoS attack.

D. Runtime Analysis

The lossless compression entropy and fast entropy reduce computational time by almost 90% compared to the conventional entropy calculation by using a heap structure. However, as discussed under detection accuracy, the compression entropy scheme has high false negatives over all thresholds, which means it does not work well as a network monitoring algorithm based on information entropy, even though it has fast data compression ability.

TABLE I. DETECTION ACCURACY RESULT (Threshold: ω = 4σ)

Entropy Type   Input Data        False Positives   False Negatives
Conventional   DoS (a)                  6                 1
Conventional   Typical DDoS (b)         4                 1
Conventional   Stealthy DDoS (c)        4                 0
Compression    DoS                      3                 3
Compression    Typical DDoS             3                 6
Compression    Stealthy DDoS            2                12
Fast           DoS                      4                 0
Fast           Typical DDoS             2                 3
Fast           Stealthy DDoS            2                 1

(a) DoS: 99 DARPA Dataset
(b) Typical DDoS: Non-Stealthy 00 DARPA Dataset
(c) Stealthy DDoS: Stealthy 00 DARPA Dataset

Fig. 5. Runtime Distribution

The Fast Entropy detection scheme needs the smallest amount of time among the three entropy schemes (even faster than compression entropy). Our Fast Entropy DDoS detection scheme is the best fit among information entropy approaches, with a high probability of detection and very low computational time.

VI. CONCLUSIONS

Conventional entropy is known as an efficient algorithm for monitoring changes in network conditions.
It needs time to calculate the probabilities of distinct packet types, and computing those probabilities takes a very long computational time. In this paper, we proposed the fast entropy approach, which combines the lossless compression entropy of the FOEC method with an entropy calibration that uses the number of packet types and the number of packets, based on the idea that DDoS attacks rely not on packet types alone, as in conventional entropy, but on both packet types and traffic volume (the number of packets). We report that our Fast Entropy scheme reduced computational time by 90% compared to the conventional entropy scheme while maintaining detection accuracy. Fast Entropy is even faster than the compression entropy scheme in computing entropy values, with the same or better detection accuracy. For future work, we are developing an adaptive fast entropy algorithm that will further reduce false positives as well as false negatives without adding overhead, by introducing a dynamic moving average and detection threshold with respect to the behavior of attacks.

REFERENCES

[1] C. E. Shannon, "A Mathematical Theory of Communication," Bell System Technical Journal, vol. 27, Oct.
[2] T. Ditcheva and L. Fowler, "Signature-based Intrusion Detection," class notes for COMP, University of North Carolina at Chapel Hill, Feb.
[3] S. Singh, C. Estan, G. Varghese, and S. Savage, "Automated Worm Fingerprinting," Proceedings of the 6th OSDI, Dec.
[4] V. Karamcheti, D. Geiger, Z. Kedem, and S. Muthukrishnan, "Detecting Malicious Network Traffic Using Inverse Distribution of Packet Content," Proceedings of the ACM SIGCOMM 2005 Workshop on Mining Network Data.
[5] E. Besson, A. Gouget, and H. Sibert, "The GAIA Sensor: an Early DDoS Detection Tool," ACM SIGMETRICS Performance Evaluation Review 34, 2006, pp. 7-8.
[6] B. Song, J. Heo, and C. S. Hong, "Collaborative Defense Mechanism Using Statistical Detection Method against DDoS Attacks," IEICE Trans. Commun. E90-B, 2007.
[7] A. Lall, V. Sekar, M. Ogihara, J. Xu, and H. Zhang, "Data Streaming Algorithms for Estimating Entropy of Network Traffic," ACM SIGMETRICS Performance Evaluation Review 34, 2006.
[8] A. Wagner, "Entropy-Based Worm Detection for Fast IP Networks," Ph.D. dissertation, Swiss Federal Institute of Technology, Zurich, Switzerland.
[9] R. V. Tomic, "Fast, Optimal Entropy Coder," 1st Works Corporation Technical Report TR.
More informationDetection of Distributed Denial of Service Attack with Hadoop on Live Network
Detection of Distributed Denial of Service Attack with Hadoop on Live Network Suchita Korad 1, Shubhada Kadam 2, Prajakta Deore 3, Madhuri Jadhav 4, Prof.Rahul Patil 5 Students, Dept. of Computer, PCCOE,
More informationDual Mechanism to Detect DDOS Attack Priyanka Dembla, Chander Diwaker 2 1 Research Scholar, 2 Assistant Professor
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Journal of Engineering, Business and Enterprise
More informationEnsuring Security in Cloud with Multi-Level IDS and Log Management System
Ensuring Security in Cloud with Multi-Level IDS and Log Management System 1 Prema Jain, 2 Ashwin Kumar PG Scholar, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka1, Assistant Professor,
More informationA Frequency-Based Approach to Intrusion Detection
A Frequency-Based Approach to Intrusion Detection Mian Zhou and Sheau-Dong Lang School of Electrical Engineering & Computer Science and National Center for Forensic Science, University of Central Florida,
More informationAn Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation
An Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation Shanofer. S Master of Engineering, Department of Computer Science and Engineering, Veerammal Engineering College,
More informationA Novel Distributed Denial of Service (DDoS) Attacks Discriminating Detection in Flash Crowds
International Journal of Research Studies in Science, Engineering and Technology Volume 1, Issue 9, December 2014, PP 139-143 ISSN 2349-4751 (Print) & ISSN 2349-476X (Online) A Novel Distributed Denial
More informationDDoS Confirmation & Attack Packet Dropping Algorithm in On- Demand Grid Computing Platform
DDoS Confirmation & Attack Packet Dropping Algorithm in On- Demand Grid Computing Platform Muhammad Zakarya, Zahoor Jan, Imtiaz Ullah, Nadia Dilawar and Uzm Abstract- Distributed denial of service (DDoS)
More informationEchidna: Efficient Clustering of Hierarchical Data for Network Traffic Analysis
Echidna: Efficient Clustering of Hierarchical Data for Network Traffic Analysis Abdun Mahmood, Christopher Leckie, Parampalli Udaya Department of Computer Science and Software Engineering University of
More informationInformation Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay
Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay Lecture - 17 Shannon-Fano-Elias Coding and Introduction to Arithmetic Coding
More informationEntropy-Based Collaborative Detection of DDoS Attacks on Community Networks
Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks Krishnamoorthy.D 1, Dr.S.Thirunirai Senthil, Ph.D 2 1 PG student of M.Tech Computer Science and Engineering, PRIST University,
More informationA study of denial of service attacks on the Internet p.1/39
A study of denial of service attacks on the Internet David J. Marchette marchettedj@nswc.navy.mil Naval Surface Warfare Center Code B10 A study of denial of service attacks on the Internet p.1/39 Outline
More informationDetecting Flooding Attacks Using Power Divergence
Detecting Flooding Attacks Using Power Divergence Jean Tajer IT Security for the Next Generation European Cup, Prague 17-19 February, 2012 PAGE 1 Agenda 1- Introduction 2- K-ary Sktech 3- Detection Threshold
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationA Secure Intrusion detection system against DDOS attack in Wireless Mobile Ad-hoc Network Abstract
A Secure Intrusion detection system against DDOS attack in Wireless Mobile Ad-hoc Network Abstract Wireless Mobile ad-hoc network (MANET) is an emerging technology and have great strength to be applied
More informationDDoS Prevention System Using Multi-Filtering Method
International Conference on Chemical, Material and Food Engineering (CMFE-2015) DDoS Prevention System Using Multi-Filtering Method Ji-Ho Cho charismaup@nate.com Jeong-Min Kim kjm9366@naver.com Ji-Yong
More informationEfficient Detection of Ddos Attacks by Entropy Variation
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727 Volume 7, Issue 1 (Nov-Dec. 2012), PP 13-18 Efficient Detection of Ddos Attacks by Entropy Variation 1 V.Sus hma R eddy,
More informationA Study on Behavior Patternize in BYOD Environment Using Bayesian Theory
A Study on Behavior Patternize in BYOD Environment Using Bayesian Theory Dongwan Kang, Myoungsun Noh, Chaetae Im Abstract Since early days, businesses had started introducing environments for mobile device
More informationEFFICIENT DETECTION IN DDOS ATTACK FOR TOPOLOGY GRAPH DEPENDENT PERFORMANCE IN PPM LARGE SCALE IPTRACEBACK
EFFICIENT DETECTION IN DDOS ATTACK FOR TOPOLOGY GRAPH DEPENDENT PERFORMANCE IN PPM LARGE SCALE IPTRACEBACK S.Abarna 1, R.Padmapriya 2 1 Mphil Scholar, 2 Assistant Professor, Department of Computer Science,
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationNETWORK INTRUSION DETECTION SYSTEM USING HYBRID CLASSIFICATION MODEL
NETWORK INTRUSION DETECTION SYSTEM USING HYBRID CLASSIFICATION MODEL Prof. Santosh T. Waghmode 1, Prof. Vinod S. Wadne 2 Department of Computer Engineering, 1, 2 JSPM s Imperial College of Engineering
More informationPrediction of DDoS Attack Scheme
Chapter 5 Prediction of DDoS Attack Scheme Distributed denial of service attack can be launched by malicious nodes participating in the attack, exploit the lack of entry point in a wireless network, and
More informationStochastic Protocol Modeling for Anomaly-Based Network Intrusion Detection
2003 IEEE International Workshop on Information Assurance March 24th, 2003 Darmstadt, Germany Stochastic Protocol Modeling for Anomaly-Based Network Intrusion Detection Juan M. Estévez-Tapiador (tapiador@ugr.es)
More informationA Hybrid Approach to Efficient Detection of Distributed Denial-of-Service Attacks
Technical Report, June 2008 A Hybrid Approach to Efficient Detection of Distributed Denial-of-Service Attacks Christos Papadopoulos Department of Computer Science Colorado State University 1873 Campus
More informationADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN ABSTRACT Muraleedharan N and Arun Parmar Centre for Development of Advanced Computing (C-DAC) Electronics City, Bangalore, India {murali,parmar}@ncb.ernet.in
More informationNetwork Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
More informationA NOVEL RESOURCE EFFICIENT DMMS APPROACH
A NOVEL RESOURCE EFFICIENT DMMS APPROACH FOR NETWORK MONITORING AND CONTROLLING FUNCTIONS Golam R. Khan 1, Sharmistha Khan 2, Dhadesugoor R. Vaman 3, and Suxia Cui 4 Department of Electrical and Computer
More informationDenial of Service attacks: analysis and countermeasures. Marek Ostaszewski
Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended
More informationPreventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System
Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System Shams Fathima M.Tech,Department of Computer Science Kakatiya Institute of Technology & Science, Warangal,India
More informationUSING LOCAL NETWORK AUDIT SENSORS AS DATA SOURCES FOR INTRUSION DETECTION. Integrated Information Systems Group, Ruhr University Bochum, Germany
USING LOCAL NETWORK AUDIT SENSORS AS DATA SOURCES FOR INTRUSION DETECTION Daniel Hamburg,1 York Tüchelmann Integrated Information Systems Group, Ruhr University Bochum, Germany Abstract: The increase of
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationIndex Terms Domain name, Firewall, Packet, Phishing, URL.
BDD for Implementation of Packet Filter Firewall and Detecting Phishing Websites Naresh Shende Vidyalankar Institute of Technology Prof. S. K. Shinde Lokmanya Tilak College of Engineering Abstract Packet
More informationAn Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus
An Evaluation of Machine Learning Method for Intrusion Detection System Using LOF on Jubatus Tadashi Ogino* Okinawa National College of Technology, Okinawa, Japan. * Corresponding author. Email: ogino@okinawa-ct.ac.jp
More informationProvider-Based Deterministic Packet Marking against Distributed DoS Attacks
Provider-Based Deterministic Packet Marking against Distributed DoS Attacks Vasilios A. Siris and Ilias Stavrakis Institute of Computer Science, Foundation for Research and Technology - Hellas (FORTH)
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationFederal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks
Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,
More informationHYBRID INTRUSION DETECTION FOR CLUSTER BASED WIRELESS SENSOR NETWORK
HYBRID INTRUSION DETECTION FOR CLUSTER BASED WIRELESS SENSOR NETWORK 1 K.RANJITH SINGH 1 Dept. of Computer Science, Periyar University, TamilNadu, India 2 T.HEMA 2 Dept. of Computer Science, Periyar University,
More informationAUTONOMOUS NETWORK SECURITY FOR DETECTION OF NETWORK ATTACKS
AUTONOMOUS NETWORK SECURITY FOR DETECTION OF NETWORK ATTACKS Nita V. Jaiswal* Prof. D. M. Dakhne** Abstract: Current network monitoring systems rely strongly on signature-based and supervised-learning-based
More informationAnalysis of a Distributed Denial-of-Service Attack
Analysis of a Distributed Denial-of-Service Attack Ka Hung HUI and OnChing YUE Mobile Technologies Centre (MobiTeC) The Chinese University of Hong Kong Abstract DDoS is a growing problem in cyber security.
More informationInternational Journal of Emerging Technologies in Computational and Applied Sciences (IJETCAS) www.iasir.net
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Journal of Emerging Technologies in Computational
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More informationFuzzy Network Profiling for Intrusion Detection
Fuzzy Network Profiling for Intrusion Detection John E. Dickerson (jedicker@iastate.edu) and Julie A. Dickerson (julied@iastate.edu) Electrical and Computer Engineering Department Iowa State University
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationFlexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks
Flexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks Prashil S. Waghmare PG student, Sinhgad College of Engineering, Vadgaon, Pune University, Maharashtra, India. prashil.waghmare14@gmail.com
More informationWhite paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.
TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...
More informationIntrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)
ISCA Journal of Engineering Sciences ISCA J. Engineering Sci. Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS) Abstract Tiwari Nitin, Solanki Rajdeep
More informationIntruders and viruses. 8: Network Security 8-1
Intruders and viruses 8: Network Security 8-1 Intrusion Detection Systems Firewalls allow traffic only to legitimate hosts and services Traffic to the legitimate hosts/services can have attacks CodeReds
More informationPacket-Marking Scheme for DDoS Attack Prevention
Abstract Packet-Marking Scheme for DDoS Attack Prevention K. Stefanidis and D. N. Serpanos {stefanid, serpanos}@ee.upatras.gr Electrical and Computer Engineering Department University of Patras Patras,
More informationBotnet Detection Based on Degree Distributions of Node Using Data Mining Scheme
Botnet Detection Based on Degree Distributions of Node Using Data Mining Scheme Chunyong Yin 1,2, Yang Lei 1, Jin Wang 1 1 School of Computer & Software, Nanjing University of Information Science &Technology,
More informationAdaptive Discriminating Detection for DDoS Attacks from Flash Crowds Using Flow. Feedback
Adaptive Discriminating Detection for DDoS Attacks from Flash Crowds Using Flow Correlation Coeff icient with Collective Feedback N.V.Poorrnima 1, K.ChandraPrabha 2, B.G.Geetha 3 Department of Computer
More informationTwo State Intrusion Detection System Against DDos Attack in Wireless Network
Two State Intrusion Detection System Against DDos Attack in Wireless Network 1 Pintu Vasani, 2 Parikh Dhaval 1 M.E Student, 2 Head of Department (LDCE-CSE) L.D. College of Engineering, Ahmedabad, India.
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More informationSpeedy Signature Based Intrusion Detection System Using Finite State Machine and Hashing Techniques
www.ijcsi.org 387 Speedy Signature Based Intrusion Detection System Using Finite State Machine and Hashing Techniques Utkarsh Dixit 1, Shivali Gupta 2 and Om Pal 3 1 School of Computer Science, Centre
More informationAshok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.
Protection of Vulnerable Virtual machines from being compromised as zombies during DDoS attacks using a multi-phase distributed vulnerability detection & counter-attack framework Ashok Kumar Gonela MTech
More informationA SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM
A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM MS. DIMPI K PATEL Department of Computer Science and Engineering, Hasmukh Goswami college of Engineering, Ahmedabad, Gujarat ABSTRACT The Internet
More informationApplication of Adaptive Probing for Fault Diagnosis in Computer Networks 1
Application of Adaptive Probing for Fault Diagnosis in Computer Networks 1 Maitreya Natu Dept. of Computer and Information Sciences University of Delaware, Newark, DE, USA, 19716 Email: natu@cis.udel.edu
More informationIntrusion Forecasting Framework for Early Warning System against Cyber Attack
Intrusion Forecasting Framework for Early Warning System against Cyber Attack Sehun Kim KAIST, Korea Honorary President of KIISC Contents 1 Recent Cyber Attacks 2 Early Warning System 3 Intrusion Forecasting
More informationV-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks
Enabling Precise Defense against New DDoS Attacks 1 Key Points: DDoS attacks are more prone to targeting the application layer. Traditional attack detection and defensive measures fail to defend against
More informationProtection against Denial of Service Attacks: Attack Detection
International Journal of Modern Engineering Research (IJMER) www.ijmer.com Pp-101-105 ISSN: 2249-6645 Protection against Denial of Service Attacks: Attack Detection 1 P.Babu Prakash Kumar, 2 Ashish Umesh
More informationDetection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup
Network Anomaly Detection A Machine Learning Perspective Dhruba Kumar Bhattacharyya Jugal Kumar KaKta»C) CRC Press J Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor
More informationInternational Journal of Computer Science and Network (IJCSN) Volume 1, Issue 5, October 2012 www.ijcsn.org ISSN 2277-5420. Bhopal, M.P.
Prevention of Buffer overflow Attack Blocker Using IDS 1 Pankaj B. Pawar, 2 Malti Nagle, 3 Pankaj K. Kawadkar Abstract 1 PIES Bhopal, RGPV University, 2 PIES Bhopal, RGPV University, 3 PIES Bhopal, RGPV
More informationComplete Protection against Evolving DDoS Threats
Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion
More informationNetwork TrafficBehaviorAnalysisby Decomposition into Control and Data Planes
Network TrafficBehaviorAnalysisby Decomposition into Control and Data Planes Basil AsSadhan, Hyong Kim, José M. F. Moura, Xiaohui Wang Carnegie Mellon University Electrical and Computer Engineering Department
More informationWORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli
WORMS : attacks, defense and models Presented by: Abhishek Sharma Vijay Erramilli What is a computer worm? Is it not the same as a computer virus? A computer worm is a program that selfpropagates across
More informationDr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu. DDoS and IP Traceback. Overview
DDoS and IP Traceback Dr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu Louisiana State University DDoS and IP Traceback - 1 Overview Distributed Denial of Service
More informationOrchestration and detection of stealthy DoS/DDoS Attacks
Orchestration and detection of stealthy DoS/DDoS Attacks Mohammedshahzan A Mulla 1, Asst prof Shivraj V B 2 Mtech - Dept. of CSE CMRIT Bangalore. Abstract The accomplishment of the cloud computing model
More informationAn Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators
An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators Liang Xia Frank.xialiang@huawei.com Tianfu Fu Futianfu@huawei.com Cheng He Danping He hecheng@huawei.com
More informationA Systemfor Scanning Traffic Detection in 3G WCDMA Network
2012 IACSIT Hong Kong Conferences IPCSIT vol. 30 (2012) (2012) IACSIT Press, Singapore A Systemfor Scanning Traffic Detection in 3G WCDMA Network Sekwon Kim +, Joohyung Oh and Chaetae Im Advanced Technology
More informationSurvey on DDoS Attack Detection and Prevention in Cloud
Survey on DDoS Detection and Prevention in Cloud Patel Ankita Fenil Khatiwala Computer Department, Uka Tarsadia University, Bardoli, Surat, Gujrat Abstract: Cloud is becoming a dominant computing platform
More informationDetecting Anomalies in Network Traffic Using Maximum Entropy Estimation
Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation Yu Gu, Andrew McCallum, Don Towsley Department of Computer Science, University of Massachusetts, Amherst, MA 01003 Abstract We develop
More informationOn the Use of Compression Algorithms for Network Traffic Classification
On the Use of for Network Traffic Classification Christian CALLEGARI Department of Information Ingeneering University of Pisa 23 September 2008 COST-TMA Meeting Samos, Greece Outline Outline 1 Introduction
More informationApplication of Netflow logs in Analysis and Detection of DDoS Attacks
International Journal of Computer and Internet Security. ISSN 0974-2247 Volume 8, Number 1 (2016), pp. 1-8 International Research Publication House http://www.irphouse.com Application of Netflow logs in
More informationThe Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack
The Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack Asnita Hashim, University of Technology MARA, Malaysia April 14-15, 2011 The Integration of SNORT with K-Means Clustering
More informationInternational Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849
WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More information1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?
Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against
More information