Return to search

Detection and analysis of low-rate attacks using network traffic analysis

In this study, I used a dataset that contains low-rate and SYN flood traffic which was generated by a test bed to simulate a Slow DoS attack, stressing a local server by initiating several HTTP POST connections and causing the request payloads to be transmitted slowly. The attack causes problems including interrupted access and noticeably decreased network performance by sending a large number of little packets slowly, which keeps connections open and overloads server resources. I filtered traffic using Wireshark based on factors including tiny payloads, a lot of SYN packets without ACKs, high initial RTTs, small window sizes, and noticeable intervals between packets. Then, using these data, I ran a custom script I had created on the pcap files to identify possible attack sessions

Identiferoai:union.ndltd.org:MSSTATE/oai:scholarsjunction.msstate.edu:td-7312
Date13 August 2024
CreatorsMatta, Nagasai Deepak
PublisherScholars Junction
Source SetsMississippi State University
Detected LanguageEnglish
Typetext
Formatapplication/pdf
SourceTheses and Dissertations

Page generated in 0.0022 seconds