An on-line intrusion detection approach to identify low-rate DoS attacks

This paper addresses the detection of “Slow” Denial of Service attacks. The problem is particularly challenging because of the small amount of bandwidth such attacks generate, which lets them hide inside ordinary traffic. A novel detection method is presented that analyses specific spectral features of the traffic over small time horizons; no packet inspection is required. The reported data are derived from real traffic traces collected on the Local Area Network of our Institute, and several kinds of attack have been considered. The results show that the proposed method is reliable and applicable in many other contexts.
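The abstract does not say which spectral features the method uses, so the following is an added illustration, not the paper's own detector: it shows the general shape of a windowed, inspection-free spectral detector for slow DoS traffic. It bins packet arrival times into short windows, takes a plain DFT of the count series, and uses spectral flatness (geometric over arithmetic mean of the power spectrum) as the decision feature, on the reasoning that a Slowloris-style tool re-sends its keep-alive fragments to all sockets in rounds at a fixed period, which shows up as spectral lines, while ordinary traffic has a noise-like, flat spectrum. The traffic is constructed inline (Poisson arrivals as the benign stand-in, periodic bursts as the attack); the window, bin and threshold values are assumptions chosen for the example.

```python
import cmath
import math
import random

# --- feature extraction (arrival times only; no payloads are read) -----------

def bin_counts(timestamps, start, window_s, bin_s):
    """Packets per bin in [start, start + window_s)."""
    n_bins = int(round(window_s / bin_s))
    counts = [0] * n_bins
    for t in timestamps:
        if start <= t < start + window_s:
            idx = min(int((t - start) / bin_s), n_bins - 1)  # guard float edge
            counts[idx] += 1
    return counts


def power_spectrum(series):
    """|X_k|^2 for k = 1 .. N//2 of the mean-removed count series.
    Plain O(N^2) DFT to stay dependency-free; use numpy.fft.rfft in practice."""
    n = len(series)
    mean = sum(series) / n
    centred = [x - mean for x in series]
    power = []
    for k in range(1, n // 2 + 1):
        acc = 0j
        for t, x in enumerate(centred):
            acc += x * cmath.exp(-2j * math.pi * k * t / n)
        power.append(abs(acc) ** 2)
    return power


def spectral_flatness(power, eps=1e-12):
    """Geometric mean / arithmetic mean of the spectrum (Wiener entropy).
    Near 1 for noise-like traffic, near 0 when energy sits in a few lines."""
    n = len(power)
    geo = math.exp(sum(math.log(p + eps) for p in power) / n)
    arith = sum(power) / n + eps
    return geo / arith


# --- on-line style sweep over short windows ---------------------------------

def scan(timestamps, horizon_s, window_s=8.0, step_s=4.0, bin_s=0.05,
         threshold=0.2):
    """Evaluate each window as it completes; return (start, flatness, flagged).
    threshold is an assumed cut-off: flatness below it is reported as periodic,
    i.e. slow-DoS-like, traffic."""
    out = []
    start = 0.0
    while start + window_s <= horizon_s + 1e-9:
        counts = bin_counts(timestamps, start, window_s, bin_s)
        f = spectral_flatness(power_spectrum(counts))
        out.append((start, f, f < threshold))
        start += step_s
    return out


# --- constructed traffic (not real traces) ----------------------------------

def benign_traffic(rate_pps, horizon_s, rng):
    """Poisson arrivals as a memoryless stand-in for ordinary LAN traffic."""
    t, times = 0.0, []
    while True:
        t += rng.expovariate(rate_pps)
        if t >= horizon_s:
            return times
        times.append(t)


def slow_dos_traffic(n_conns, period_s, start_s, horizon_s, rng, spread_s=0.02):
    """Slowloris-style rounds: every period_s the attacker walks its n_conns
    open sockets and sends one tiny packet on each, so the (low) bandwidth
    arrives as a tight burst with a fixed period."""
    times, t = [], start_s
    while t < horizon_s:
        times.extend(t + rng.random() * spread_s for _ in range(n_conns))
        t += period_s
    return times


def demo(seed=1):
    """Benign background for 24 s; a 150-socket slow DoS starts at t = 12 s."""
    rng = random.Random(seed)
    horizon = 24.0
    traffic = (benign_traffic(40.0, horizon, rng)
               + slow_dos_traffic(150, 1.0, 12.0, horizon, rng))
    return scan(traffic, horizon)


if __name__ == "__main__":
    for start, f, flagged in demo():
        print(f"window {start:5.1f}s  flatness={f:.3f}  "
              f"{'ALERT' if flagged else 'ok'}")
```

Windows that lie entirely before the attack stay unflagged and windows that lie entirely inside it are flagged; the window straddling the onset at 12 s is the usual grey zone, which is why a real deployment would confirm over two or three consecutive windows rather than alert on one. The bandwidth of the attack here is only 150 small packets per second, far below the background, which is the whole reason a rate threshold would miss it while the periodicity does not.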
