Detection of DoS attacks through Fourier transform and mutual information

Slow Denial of Service attacks are particularly hard to detect: they are a recent class of attack and they need very little network bandwidth, so volume-based detectors have little to trigger on. This paper presents a novel detection method that analyses spectral features of the network traffic over small time horizons. The method has been validated on data extracted from real traffic traces collected on the Local Area Network of our research institute. We considered several kinds of attack, and the results show that the approach is reliable and could also be applied in other cybersecurity contexts.
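The following is an added illustration of the two ingredients named in the title, not the paper's own code and not its exact feature set: packet timestamps are binned into per-second counts over a short window, a DFT magnitude spectrum is computed per window, one scalar spectral feature is taken from it (the share of non-DC energy held by the strongest bin), and mutual information between the discretised feature and the window label is used to score how informative the feature is. The window length, the feature, the alert threshold and the synthetic traffic (Poisson background versus many idle connections sending one small packet per period with near-synchronised timers) are all assumptions made for the example.

```python
"""Added illustration (constructed data, simplified feature): DFT spectral
feature per short traffic window, scored with mutual information.
Not the paper's code; WINDOW, THRESHOLD and the traffic generators are assumptions."""
import cmath
import math
import random
from collections import Counter

WINDOW = 64       # assumed window length in seconds
THRESHOLD = 0.2   # assumed alert threshold on the spectral feature


def bin_counts(timestamps, start, window=WINDOW):
    """Per-second packet counts for the interval [start, start + window)."""
    counts = [0] * window
    for t in timestamps:
        i = math.floor(t - start)
        if 0 <= i < window:
            counts[i] += 1
    return counts


def dft_magnitude(x):
    """One-sided magnitude spectrum |X[f]|, f = 0 .. n/2 (direct O(n^2) DFT)."""
    n = len(x)
    return [abs(sum(x[k] * cmath.exp(-2j * math.pi * f * k / n) for k in range(n)))
            for f in range(n // 2 + 1)]


def peak_ratio(counts):
    """Share of non-DC spectral energy held by the single strongest bin.
    Periodic keep-alive traffic concentrates energy; Poisson-like traffic spreads it."""
    mag = dft_magnitude(counts)[1:]          # drop DC, i.e. the window mean
    energy = sum(m * m for m in mag)
    if energy < 1e-9:                        # flat window, nothing periodic
        return 0.0
    return max(m * m for m in mag) / energy


def mutual_information(xs, ys):
    """Plug-in estimate of I(X;Y) in bits from two aligned discrete sequences."""
    n = len(xs)
    pxy, px, py = Counter(zip(xs, ys)), Counter(xs), Counter(ys)
    return sum(c / n * math.log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in pxy.items())


def make_normal(rng, start, window=WINDOW, rate=5.0):
    """Constructed background traffic: Poisson arrivals at `rate` packets/s."""
    ts, t = [], start
    while True:
        t += rng.expovariate(rate)
        if t >= start + window:
            return ts
        ts.append(t)


def make_slow_dos(rng, start, window=WINDOW, conns=100, period=8.0):
    """Constructed slow DoS window: background plus `conns` idle connections that
    each send one small packet every `period` s with near-synchronised timers."""
    ts = make_normal(rng, start, window)
    phase = rng.uniform(0, period)
    for _ in range(conns):
        t = start + phase + rng.uniform(-0.2, 0.2)   # small per-connection jitter
        while t < start + window:
            ts.append(t)
            t += period
    return ts


def evaluate(n_windows=60, seed=1):
    """Alternate normal/attack windows, extract the feature, and report the accuracy
    of a fixed threshold plus the MI between (discretised) feature and label."""
    rng = random.Random(seed)
    feats, labels = [], []
    for w in range(n_windows):
        start = w * WINDOW
        attack = w % 2 == 1
        ts = make_slow_dos(rng, start) if attack else make_normal(rng, start)
        feats.append(peak_ratio(bin_counts(ts, start)))
        labels.append(int(attack))
    alerts = [int(f > THRESHOLD) for f in feats]
    quantised = [int(f * 10) for f in feats]         # 0.1-wide bins for MI
    accuracy = sum(a == y for a, y in zip(alerts, labels)) / n_windows
    return {"accuracy": accuracy,
            "mi_alert": mutual_information(alerts, labels),
            "mi_quantised": mutual_information(quantised, labels)}


if __name__ == "__main__":
    print(evaluate())
```

The direct DFT is deliberate: with windows of a few dozen samples the O(n^2) cost is negligible, and it keeps the block free of third-party dependencies. Dropping the DC bin matters because the window mean carries the traffic volume, which is exactly what a low-bandwidth slow DoS does not change; the periodicity of the per-connection timers is what the feature exposes. Mutual information here is used only to rank how much the discretised feature tells about the label; a real detector would compute it over a whole feature set to pick the informative ones.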