Extraction for Characteristics of Anomaly Accessed IP Packets Based on Statistical Analysis

To defend against DoS (denial of service) attacks, access filtering mechanisms are adopted on end servers or on the IDS (intrusion detection system). The difficulty of defining filtering rules comes from the difficulty of distinguishing normal packets from anomalous ones among the incoming packets. In this paper, we analyze the volume of incoming packets to our college and extract the characteristics of IP packets classified by source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denied packets and extract the characteristics of search engine crawls.
