Mining Network Traffic Data for Supporting Denial of Service Attack Detection

Ma, Shu-Chen 17 August 2005 (has links)
Denial of Service (DoS) attacks aim to render a computer or network incapable of providing its normal services by exploiting bugs or weaknesses in system programs or network communication protocols. Existing DoS defense mechanisms (e.g., firewalls, intrusion detection systems, intrusion prevention systems) typically rely on data gathered at the gateways of a network. Because these data consist of IP-layer or higher packet information, such mechanisms cannot detect attacks launched from inside the network, nor attackers who disguise themselves by spoofing the source IP addresses of their packets. To address these limitations, we propose a classification-based DoS attack detection technique built on SNMP MIB-II data collected from the network interface: a DoS detection model is induced from a set of training examples consisting of both normal and attack traffic data, and the constructed model is then used to predict whether the traffic observed at a network interface constitutes a DoS attack. To evaluate the proposed technique empirically, we collected, at several traffic aggregation intervals (1, 3 and 5 minutes), normal network traffic data from two different environments (an enterprise network and a university campus network) and attack traffic (TCP SYN Flood, Land, Fake Ping and Angry Ping) from an independent experimental network. Our evaluation results show that the detection accuracy of the proposed technique reaches 98.59% or above in both network environments. The results also suggest that the technique is insensitive to the aggregation intervals examined and has high discriminating power for the four types of DoS attacks under investigation.
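The pipeline the abstract describes, polling MIB-II interface counters, aggregating them into fixed intervals, inducing a classifier from labelled normal and attack windows and then predicting on new windows, is shown below as an added example. It is not the thesis's own code: the particular feature set (packet rate, octet rate, mean packet size, non-unicast ratio), the Gini-based decision-tree learner, the 60-second interval and every traffic figure are assumptions constructed for illustration, and only the Python standard library is used. One detail a practitioner has to get right is that ifTable counters are Counter32 values that wrap at 2^32, so per-interval deltas must be corrected before any rate is computed; the constructed normal series deliberately starts near the counter ceiling to exercise that path.

```python
"""Added example: classification-based DoS detection from SNMP MIB-II interface
counters. Not the thesis's own code; the feature set, the tree learner and all
traffic figures are assumptions constructed for illustration (stdlib only)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

COUNTER32_MAX = 2 ** 32        # MIB-II ifTable counters are Counter32 and wrap
Sample = Dict[str, int]        # one ifTable poll: object name -> cumulative value
FEATURES = ("in_pkts_per_s", "in_octets_per_s", "mean_in_pkt_bytes", "nucast_ratio")


def counter_delta(prev: int, cur: int) -> int:
    """Difference of two Counter32 readings, correcting for a single wrap-around."""
    d = cur - prev
    return d if d >= 0 else d + COUNTER32_MAX


def features(prev: Sample, cur: Sample, interval_s: int) -> Dict[str, float]:
    """Turn two consecutive polls into per-interval traffic features (assumed set)."""
    ucast = counter_delta(prev["ifInUcastPkts"], cur["ifInUcastPkts"])
    nucast = counter_delta(prev["ifInNUcastPkts"], cur["ifInNUcastPkts"])
    octets = counter_delta(prev["ifInOctets"], cur["ifInOctets"])
    total = ucast + nucast
    return {"in_pkts_per_s": total / interval_s,
            "in_octets_per_s": octets / interval_s,
            "mean_in_pkt_bytes": octets / total if total else 0.0,
            "nucast_ratio": nucast / total if total else 0.0}


def windows(samples: List[Sample], interval_s: int) -> List[Dict[str, float]]:
    """One feature vector per aggregation interval (pair of consecutive polls)."""
    return [features(a, b, interval_s) for a, b in zip(samples, samples[1:])]


def make_series(start: Sample, increments: List[Tuple[int, int, int]]) -> List[Sample]:
    """Constructed data: per-interval (ucast, nucast, octets) increments -> Counter32 polls."""
    out = [dict(start)]
    for u, n, o in increments:
        p = out[-1]
        out.append({"ifInUcastPkts": (p["ifInUcastPkts"] + u) % COUNTER32_MAX,
                    "ifInNUcastPkts": (p["ifInNUcastPkts"] + n) % COUNTER32_MAX,
                    "ifInOctets": (p["ifInOctets"] + o) % COUNTER32_MAX})
    return out


@dataclass
class Node:
    """Decision-tree node; a leaf carries a label (0 = normal, 1 = attack)."""
    feature: Optional[str] = None
    threshold: float = 0.0
    left: Optional["Node"] = None
    right: Optional["Node"] = None
    label: Optional[int] = None


def gini(ys: List[int]) -> float:
    if not ys:
        return 0.0
    p = sum(ys) / len(ys)
    return 1.0 - p * p - (1.0 - p) * (1.0 - p)


def majority(ys: List[int]) -> int:
    return int(2 * sum(ys) >= len(ys))


def build_tree(X, y, depth=0, max_depth=3, min_leaf=2) -> Node:
    """Induce a binary tree by greedily taking the split with least Gini impurity."""
    if len(set(y)) == 1 or depth == max_depth or len(y) < 2 * min_leaf:
        return Node(label=majority(y))
    best = None
    for f in FEATURES:
        vals = sorted({x[f] for x in X})
        for a, b in zip(vals, vals[1:]):
            thr = (a + b) / 2
            li = [i for i, x in enumerate(X) if x[f] <= thr]
            ri = [i for i, x in enumerate(X) if x[f] > thr]
            if len(li) < min_leaf or len(ri) < min_leaf:
                continue
            imp = (len(li) * gini([y[i] for i in li]) + len(ri) * gini([y[i] for i in ri])) / len(y)
            if best is None or imp < best[0]:
                best = (imp, f, thr, li, ri)
    if best is None:
        return Node(label=majority(y))
    _, f, thr, li, ri = best
    return Node(feature=f, threshold=thr,
                left=build_tree([X[i] for i in li], [y[i] for i in li], depth + 1, max_depth, min_leaf),
                right=build_tree([X[i] for i in ri], [y[i] for i in ri], depth + 1, max_depth, min_leaf))


def predict(node: Node, x: Dict[str, float]) -> int:
    while node.label is None:
        node = node.left if x[node.feature] <= node.threshold else node.right
    return node.label


def accuracy(model: Node, X, y) -> float:
    return sum(predict(model, x) == t for x, t in zip(X, y)) / len(y)


# Constructed 60 s polls. The normal series starts near the Counter32 ceiling so the
# first window crosses a wrap; the flood series is many small packets (SYN-flood-like).
NORMAL = make_series({"ifInUcastPkts": 123456, "ifInNUcastPkts": 789,
                      "ifInOctets": COUNTER32_MAX - 500_000},
                     [(2800, 40, 1_700_000), (3100, 55, 1_850_000), (2950, 45, 1_790_000),
                      (3300, 60, 1_990_000), (2700, 38, 1_600_000), (3050, 50, 1_830_000)])
FLOOD = make_series({"ifInUcastPkts": 0, "ifInNUcastPkts": 0, "ifInOctets": 0},
                    [(180_000, 45, 10_800_000), (220_000, 50, 13_200_000), (195_000, 42, 11_700_000),
                     (240_000, 55, 14_400_000), (205_000, 48, 12_300_000), (175_000, 40, 10_500_000)])


def train_demo_model(interval_s: int = 60) -> Node:
    X = windows(NORMAL, interval_s) + windows(FLOOD, interval_s)
    y = [0] * (len(NORMAL) - 1) + [1] * (len(FLOOD) - 1)
    return build_tree(X, y)


if __name__ == "__main__":
    m = train_demo_model()
    print("root split:", m.feature, "<=", round(m.threshold, 1))
    print("training accuracy:", accuracy(m, windows(NORMAL, 60) + windows(FLOOD, 60), [0] * 6 + [1] * 6))
```

On the constructed data the learner separates the two classes on the packet rate alone, which is exactly what one would expect for a SYN flood; the point of a learned model rather than a hand-set threshold is that the same procedure picks whichever feature and split best separates the labelled windows once Land, ping-based or mixed attack traffic is added to the training set. The accuracy figure here is a training-set number on twelve constructed windows and says nothing about the 98.59% the thesis reports, which was measured on its own enterprise and campus traffic.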
