论文信息 - Denial of Service Intrusion Detection Using Time Dependent Deterministic Finite Automata

Denial of Service Intrusion Detection Using Time Dependent Deterministic Finite Automata

In this paper, we describe a new approach for the real-time detection of denial of service computer attacks using timedependent deterministic finite automata. Current networkbased intrusion detection systems employ state-transition based methods as a primary mean to detecting system penetrations and misuse as well. However, we utilize the time intervals between certain event occurrences [as defined in our automaton] to improve the accuracy of detecting specific denial of service attacks. Unlike some other detection systems, our design also lends itself to a distributed detection architecture, permitting non-obtrusive attack signature updating and operating system portability. This paper discusses the implementation of our prototype along with results from its test evaluation using publicly available data.

Boleslaw K. Szymanski | Joel W. Branch | Alan Bivens | Chi Yu Chan | Taek Kyeun Lee

[1] Karl N. Levitt,et al. GrIDS A Graph-Based Intrusion Detection System for Large Networks , 1996 .

[2] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[3] Eitan M. Gurari,et al. Introduction to the theory of computation , 1989 .

[4] Giovanni Vigna,et al. NetSTAT: a network-based intrusion detection approach , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[5] Giovanni Vigna,et al. STATL: An Attack Language for State-Based Intrusion Detection , 2002, J. Comput. Secur..

[6] James Cannady,et al. Artificial Neural Networks for Misuse Detection , 1998 .

[7] David Bausum. Book Review: UNIX Network Programming, Volume 1, Second Edition , 1998 .

[8] Boleslaw K. Szymanski,et al. Agent-Based Network Monitoring , 1999 .

[9] Peter G. Neumann,et al. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances , 1997, CCS 2002.

[10] W. Richard Stevens,et al. Unix network programming , 1990, CCRV.