An introduction to software agents
Software agents
IP Quality of Service
D-ward: source-end defense against distributed denial-of-service attacks
D-ward: source-end defense against distributed denial-of-service attacks
The Tao Of Network Security Monitoring: Beyond Intrusion Detection
The Tao Of Network Security Monitoring: Beyond Intrusion Detection
Behavioral distance for intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Improving host-based IDS with argument abstraction to prevent mimicry attacks
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Interactive visualization for network and port scan detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.01 |
Resource starvation Denial of Service (DoS) attacks cause the attacked services to be denied to legitimate users. This paper introduces an approach to proactively detect such a DoS attack in its early development stages and therefore avoid damage. Our approach uses the set of data in the Management Information Base (MIB) retrieved by the Simple Network Management Protocol (SNMP). MIB traffic data (such as origin/destination; TCP connection state) and process table content (memory/CPU utilisation by specific processes) are used to construct performance profiles over long and short time scales. We define appropriate indicators and identifiable steps (check points) where resource starvation DoS attacks are recognised and stopped before they affect a system. By detecting in the early development stages, it is possible to avoid service interruption, system availability problems and other related effects, such as system and bandwidth performance degradation caused by legitimate operations.