If not the most, one of the serious threats to data networks, particularly pervasive
commercial networks such as Voice-over-IP (VoIP) providers is Denial-of-Service (DoS) attack. Currently, majority of solutions for these attacks focus on observing detailed server state changes due to any or some of the incoming messages. This approach however requires significant amount of server’s memory and processing time.
This results in detectors not being able to scale up to the network edge points that
receive millions of connections (requests) per second. To solve this problem, it is
desirable to design stateless detection mechanisms. One approach is to aggregate
transactions into groups. This research focuses on stateless scalable DoS intrusion
detection mechanisms to obviate keeping detailed state for connections while maintaining acceptable efficiency. To this end, we adopt a two-layer aggregation scheme
termed Advanced Partial Completion Filters (APCF), an intrusion detection model that defends against DoS attacks without tracking state information of each individual connection. Analytical as well as simulation analysis is performed on the proposed APCF. A simulation test bed has been implemented in OMNET++ and through simulations it is observed that APCF gained notable detection rates in terms of false positive and true positive detections, as opposed to its predecessor PCF. Although further study is needed to relate APCF adjustments to a certain network situation, this research shows invaluable gain to mitigate intrusion detection from not so scalable state-full mechanisms to aggregate scalable approach.
Identifer | oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/1084 |
Date | 22 August 2008 |
Creators | Hamidi, Alireza |
Contributors | Ganti, Sudhakar |
Source Sets | University of Victoria |
Language | English, English |
Detected Language | English |
Type | Thesis |
Rights | Available to the World Wide Web |
Page generated in 0.0032 seconds