This work focuses on detection of denial of service (DoS) attacks which utilize random spoofing of source IP address in attack packets. These types of attacks lead to generation of side effect in a form of backscatter that can be used to identify victims of such attacks. Backscatter analysis has so far been limited to unused address space ranges referred to as network telescopes. This work therefore proposes a new method of DoS attack detection via backscatter outside of network telescope environment where legitimate user traffic is also present. Furthermore proposed approach uses only abstracted traffic in a form of network flows. Presented method was implemented as part of NEMEA system and tested on real flow data capture provided by CESNET.
Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:445542 |
Date | January 2021 |
Creators | Marušiak, Martin |
Contributors | Tisovčík, Peter, Žádník, Martin |
Publisher | Vysoké učení technické v Brně. Fakulta informačních technologií |
Source Sets | Czech ETDs |
Language | Czech |
Detected Language | English |
Type | info:eu-repo/semantics/masterThesis |
Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.0021 seconds