A DoS Detection Method Based on Composition Self-Similarity

Zhu, Jin

doi:10.3837/tiis.2012.05.012

Cited by 5 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are many techniques available to detect and mitigate DoS attacks in IP‐address‐based communications. They include from simple monitoring of traffic anomalies to highly advanced solutions using artificial intelligence, per‐flow‐based traffic analysis, and many more . Their applicability in CCN paradigm is yet to be checked according to its routing mechanism.…”

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Denial‐of‐service in content centric (named data) networking: a tutorial and state‐of‐the‐art survey

Aamir¹,

Zaidi

2014

Security Comm Networks

View full text Add to dashboard Cite

Content centric networking (CCN) is a paradigm shift from current Internet protocol‐address‐based communication model to content‐oriented model in computer networks. Like traditional networks, it is identified that CCN is also vulnerable to many security threats including denial‐of‐service (DoS). This fact has recently caught a considerable attention in research community while different proposals of defense are being published. In this paper, we provide a literature review on different types of possible DoS attacks in CCN and their proposed countermeasures. DoS attacks can be triggered in CCN to exhaust resources within a CCN router or the ultimate content source(s). Two characteristics of CCN, that is, state maintenance of forwarded requests in a router using pending interest table and the fact that a response (content) follows the same path in reverse direction through which the corresponding request (interest) travels have been taken as major advantages to fight against DoS attacks in CCN under different proposed approaches. This survey makes a contribution by (a) highlighting state‐of‐the‐art work in a tutorial manner on the exploration of different DoS attacks and their countermeasures in CCN, (b) identifying some potential problems of current CCN features and existing proposals of defense, and (c) forecasting and providing an overview of a few possible future techniques to help researchers fight against CCN‐DoS attacks. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Denial‐of‐service in content centric (named data) networking: a tutorial and state‐of‐the‐art survey

Aamir¹,

Zaidi

2014

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…A slightly different perspective was wavelets-based analysis presented in Kaur et al 26 The test of selfsimilarity is conducted to differentiate between legitimate flash events and expanding DDoS attacks. In the same manner, another wavelet-based method for detecting outliers, such as DDoS attacks, in regards to LRD behavior of network traffic is presented in Zhang et al 27 In Jian-Qi et al, 28 the composition self-similarity anomaly detection (CSSD) of network traffic is presented for the detection of DoS attacks. Now, by merely monitoring the LRD behavior and self-similar property of network traffic, one could pick up network anomalies, as they would influence the deviation in such conditions.…”

Section: Literature Reviewmentioning

confidence: 99%

Network anomaly detection using a cross‐correlation‐based long‐range dependence analysis

et al. 2020

View full text Add to dashboard Cite

The detection of anomalies in network traffic is an important task in today's Internet. Among various anomaly detection methods, the techniques based on examination of the long-range dependence (LRD) behavior of network traffic stands out to be powerful. In this paper, we reveal anomalies in aggregated network traffic by examining the LRD behavior based on the cross-correlation function of the bidirectional control and data planes traffic. Specifically, observing that the conventional cross-correlation function has a low measure of dissimilarity between the two planes, which leads to a reduced anomaly detection performance, we propose a modification of the cross-correlation function to mitigate this issue. The performance of the proposed method is analyzed using a relatively recent Internet traffic captured at King Saud University. The results demonstrate that using the modified cross-correlation function has the ability to detect low volume and short duration attacks. It also compensates for some misdetections exhibited by using the autocorrelation structures of the bidirectional traffic of the control, data, and WHOLE (combined control and data) planes traffic. 1 | INTRODUCTION Internet services have been rapidly evolving due to continuous emergence of new technologies and high bandwidth applications. According to Cisco, the annual global IP traffic is expected to reach 3.30 Zettabyte by 2021. 1 This growth has introduced many challenges in terms of securing information, reliability of data transfer, and detection of traffic anomalies and attacks. Anomalies are patterns of data that deviate from normal behavior. A broad variety of such patterns in Internet traffic are frequently faced by network operators. These patterns could represent genuine abnormalities induced by physical or technical issues, such as high-rate flows, network outage, and sudden changes due to flash crowds. 2 However, such patterns could also be generated by malicious activities such as cyber intrusions, distributed denial of service (DDoS) attacks, port scanning, and worm propagation. 3,4 This type of malicious activities could likely introduce disastrous effects on the proper operation of networks. The mentioned malicious activities are considerably growing with time. According to the worldwide infrastructure security report, 5 it is evident that the volume of these attacks on data centers, networks infrastructures, and

show abstract

“…Reactive defenses, for example, , endeavor to curtail the attack and alleviate its impact on legitimate flows. In order to achieve this, they need to detect the attack as quickly as possible and to respond to it by dropping the malicious traffic it generates.…”

Section: Introductionmentioning

confidence: 99%

TDPF: a traceback‐based distributed packet filter to mitigate spoofed DDoS attacks

Fallah

Kahani

2013

Security Comm Networks

View full text Add to dashboard Cite

Defense mechanisms against distributed denial-of-service (DDoS) attacks usually mitigate the attack by filtering out the excess traffic targeted at the victim. These defenses should be able to discriminate the attack from the legitimate traffic so that filtering can be selectively applied. The problem is exacerbated when spoofed addresses are used in attack packets. This paper proposes traceback-based distributed packet filter (TDPF), a novel distributed packet filtering mechanism that employs IP traceback as a means for traffic discrimination. In this defense mechanism, packet filters are relocated to the routers nearer the attack sources whenever the traceback algorithm adds such nodes to the attack tree. The filtering probabilities at packet filters are also dynamically adjusted to the volume of traffic the victim receives from each filtering router. In this way, TDPF is able to achieve a high throughput of legitimate traffic while blocking malicious flows. The burden it imposes on a participating router is negligible as well. Moreover, unlike the earlier traceback-based defenses, it can defend against intense DDoS attacks. Experimental results show that TDPF is effective in different attack scenarios.

show abstract

A DoS Detection Method Based on Composition Self-Similarity

Cited by 5 publications

References 9 publications

Denial‐of‐service in content centric (named data) networking: a tutorial and state‐of‐the‐art survey

Denial‐of‐service in content centric (named data) networking: a tutorial and state‐of‐the‐art survey

Network anomaly detection using a cross‐correlation‐based long‐range dependence analysis

TDPF: a traceback‐based distributed packet filter to mitigate spoofed DDoS attacks

Contact Info

Product

Resources

About