• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • Tagged with
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

An aggregative approach for scalable detection of DoS attacks

Hamidi, Alireza 22 August 2008 (has links)
If not the most, one of the serious threats to data networks, particularly pervasive commercial networks such as Voice-over-IP (VoIP) providers is Denial-of-Service (DoS) attack. Currently, majority of solutions for these attacks focus on observing detailed server state changes due to any or some of the incoming messages. This approach however requires significant amount of server’s memory and processing time. This results in detectors not being able to scale up to the network edge points that receive millions of connections (requests) per second. To solve this problem, it is desirable to design stateless detection mechanisms. One approach is to aggregate transactions into groups. This research focuses on stateless scalable DoS intrusion detection mechanisms to obviate keeping detailed state for connections while maintaining acceptable efficiency. To this end, we adopt a two-layer aggregation scheme termed Advanced Partial Completion Filters (APCF), an intrusion detection model that defends against DoS attacks without tracking state information of each individual connection. Analytical as well as simulation analysis is performed on the proposed APCF. A simulation test bed has been implemented in OMNET++ and through simulations it is observed that APCF gained notable detection rates in terms of false positive and true positive detections, as opposed to its predecessor PCF. Although further study is needed to relate APCF adjustments to a certain network situation, this research shows invaluable gain to mitigate intrusion detection from not so scalable state-full mechanisms to aggregate scalable approach.

Page generated in 0.0973 seconds