论文信息 - On Detection of Malicious Users Using Group Testing Techniques

On Detection of Malicious Users Using Group Testing Techniques

Despite decades of research, there have not been developed concrete defense solutions for most of current attacks to Internet services, let alone new attack types. An essential problem to overcome is that malicious traffic can be similar to legitimate ones. Thus a more fundamental model which should be based on the overall performance of servers/subnets without inspecting each traffic must be remedied. Based on this observation, we propose a novel system framework, called detection of malicious users (DMU) which attempts to solve various attack types. Motivated by DMU, we introduce a new theoretical model, called size constraint group testing (SCGT). Several algorithms based on SCGT for various networking scenarios are proposed. We also provide several fundamental results on SCGT, revealing some necessary conditions to obtain an O(1) detection time algorithm.

Taieb Znati | Ying Xuan | My T. Thai | Incheol Shin

[1] R. Power. CSI/FBI computer crime and security survey , 2001 .

[2] Arkadii G. D'yachkov,et al. Optimal superimposed codes and designs for Renyi's search model , 2002 .

[3] Kotagiri Ramamohanarao,et al. Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[4] My T. Thai,et al. Approximation algorithms of non‐unique probes selection for biological target identification , 2007 .

[5] Péter Urbán,et al. An SNMP based failure detection service , 2006, 2006 25th IEEE Symposium on Reliable Distributed Systems (SRDS'06).

[6] Sampath Kannan,et al. Group testing problems with sequences in experimental molecular biology , 1997, Proceedings. Compression and Complexity of SEQUENCES 1997 (Cat. No.97TB100171).

[7] Weili Wu,et al. A Non-Unique Probes Selection Algorithm Using d-Disjunct Matrix , 2007, BIOCOMP.

[8] Weili Wu,et al. Decoding algorithms in pooling designs with inhibitors and error-tolerance , 2007, Int. J. Bioinform. Res. Appl..

[9] S.M. Bellovin,et al. Network firewalls , 1994, IEEE Communications Magazine.

[10] Peter Reiher,et al. A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[11] Nirwan Ansari,et al. Low rate TCP denial-of-service attack detection at edge routers , 2005, IEEE Communications Letters.

[12] Weili Wu,et al. Construction of d(H)-disjunct matrix for group testing in hypergraphs , 2006, J. Comb. Optim..