论文信息 - Distributed change detection for worms, DDoS and other network attacks

Distributed change detection for worms, DDoS and other network attacks

Self-propagating code (worms) and distributed denial of service (DDoS) attacks are the most frequent and quite devastating attacks on communication networks and the Internet. We provide novel formulations for the rapid detection of these attacks in the control-theoretic framework of change detection. We present algorithms that effectively can detect worms from their temporal spreading characteristics. We describe the effects of the network topology on the algorithms and their performance. We next present algorithms for detecting DDoS while discriminating against changes in the normal traffic. This is accomplished by a distributed detection formalism where a concept of directionality is introduced and exploited. We then turn into attacks to routing protocols in mobile wireless networks. We develop change detection formulations involving hidden Markov models, which match distribution of the number of hops in the mobile and wireless nodes. Using observations that suggest that this distribution is altered substantially in the presence of such attacks we develop and analyze algorithms for their detection.

[1] Peter Willett,et al. Detection of hidden Markov model transient signals , 2000, IEEE Trans. Aerosp. Electron. Syst..

[2] Albert-László Barabási,et al. Statistical mechanics of complex networks , 2001, ArXiv.

[3] Wenke Lee,et al. Intrusion Detection Techniques for Mobile Wireless Networks , 2003, Wirel. Networks.

[4] Lawrence R. Rabiner,et al. A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[5] Charles E. Perkins,et al. Ad Hoc Networking , 2001 .

[6] B. Brodsky,et al. Nonparametric Methods in Change Point Problems , 1993 .

[7] Venugopal V. Veeravalli,et al. Multihypothesis sequential probability ratio tests - Part I: Asymptotic optimality , 1999, IEEE Trans. Inf. Theory.

[8] George V. Moustakides. Quickest Detection of Abrupt Changes for a Class of Random Processes , 1998, IEEE Trans. Inf. Theory.

[9] Alvaro A. Cardenas,et al. Change Detection Algorithms for Information Assurance of Computer Networks , 2002 .

[10] Michèle Basseville,et al. Detection of abrupt changes: theory and application , 1993 .

[11] Vern Paxson,et al. How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.