Towards multisensor data fusion for DoS detection

In our present work we introduce the use of data fusion in the field of DoS anomaly detection. We present Dempster-Shafer's Theory of Evidence (D-S) as the mathematical foundation for the development of a novel DoS detection engine. Based on a data fusion paradigm, we combine multiple pieces of evidence generated from simple heuristics to feed our D-S inference engine and attempt to detect flooding attacks. Our approach has as its main advantages the modeling power of the Theory of Evidence in expressing beliefs in some hypotheses, the ability to add the notions of uncertainty and ignorance to the system, and the quantitative measurement of the belief and plausibility in our detection results. We evaluate our detection engine prototype through a set of experiments that were conducted with real network traffic and with the use of common DDoS tools. We conclude that data fusion is a promising approach that could increase the DoS detection rate and decrease the false alarm rate.
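As an added illustration of the fusion step the abstract describes (this is example code, not the paper's own engine): Dempster's rule of combination over the two-hypothesis frame {Attack, Normal}, with an explicit ignorance mass on the whole frame, followed by the belief and plausibility of the Attack hypothesis. The three sensor mass assignments and the alarm threshold are constructed values and are not the paper's heuristics.

```python
from itertools import product

# Frame of discernment: traffic is a flooding attack ("A") or normal ("N").
# The whole frame {A, N} holds the mass a heuristic cannot commit (ignorance).
ATTACK = frozenset({"A"})
NORMAL = frozenset({"N"})
THETA = frozenset({"A", "N"})

def combine(m1, m2):
    """Dempster's rule of combination over THETA. Masses are {frozenset: float}
    dicts summing to 1. Raises ValueError on total conflict (K = 1)."""
    combined, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb  # mass that would land on the empty set
    if conflict >= 1.0:
        raise ValueError("total conflict: evidence cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in combined.items()}

def belief(m, hyp):
    """Bel(hyp): total mass of focal sets contained in hyp."""
    return sum(v for k, v in m.items() if k <= hyp)

def plausibility(m, hyp):
    """Pl(hyp): total mass of focal sets that intersect hyp."""
    return sum(v for k, v in m.items() if k & hyp)

def fuse_sensors(masses):
    """Fold Dempster's rule over any number of sensor mass functions."""
    fused = masses[0]
    for m in masses[1:]:
        fused = combine(fused, m)
    return fused

# Constructed sensor outputs (assumed, not taken from the paper): each simple
# heuristic reports mass on Attack, Normal and the ignorance set THETA.
SENSORS = [
    {ATTACK: 0.6, NORMAL: 0.1, THETA: 0.3},  # e.g. a SYN/ACK-ratio heuristic
    {ATTACK: 0.5, NORMAL: 0.2, THETA: 0.3},  # e.g. a packet-rate heuristic
    {ATTACK: 0.2, NORMAL: 0.3, THETA: 0.5},  # a weak, mostly ignorant sensor
]

def detect(masses=SENSORS, threshold=0.7):
    """Return (Bel, Pl, alarm) for the Attack hypothesis after fusion."""
    m = fuse_sensors(masses)
    bel, pl = belief(m, ATTACK), plausibility(m, ATTACK)
    return bel, pl, bel >= threshold
```

The gap between Bel and Pl is the share of mass still sitting on the ignorance set, which is what lets the engine report how undecided its alarm is rather than a single score.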
