A statistical approach to predictive detection
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on selected topics in network and systems management
A non-instrusive, wavelet-based approach to detecting network performance problems
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Adaptive Thresholding for Proactive Network Problem Detection
SMW '98 Proceedings of the IEEE Third International Workshop on Systems Management
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Computer system performance problem detection using time series models
Usenix-stc'93 Proceedings of the USENIX Summer 1993 Technical Conference on Summer technical conference - Volume 1
Characterising Anomalous Events Using Change - Point Correlation on Unsolicited Network Traffic
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers
Information Security Applications
Temporal defenses for robust recommendations
PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
SLA-based complementary approach for network intrusion detection
Computer Communications
Distributed detection/localization of change-points in high-dimensional network traffic data
Statistics and Computing
PSO-SFDD: Defense against SYN flooding DoS attacks by employing PSO algorithm
Computers & Mathematics with Applications
Improved anomaly detection using block-matching denoising
Computer Communications
LoRDAS: a low-rate dos attack against application servers
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
A multilayer overlay network architecture for enhancing IP services availability against dos
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Detecting SYN flooding attacks based on traffic prediction
Security and Communication Networks
Hi-index | 0.24 |
We investigate statistical anomaly detection algorithms for detecting SYN flooding, which is the most common type of Denial of Service (DoS) attack. The two algorithms considered are an adaptive threshold algorithm and a particular application of the cumulative sum (CUSUM) algorithm for change point detection. The performance is investigated in terms of the detection probability, the false alarm ratio, and the detection delay, using workloads of real traffic traces. Particular emphasis is on investigating the tradeoffs among these metrics and how they are affected by the parameters of the algorithm and the characteristics of the attacks. Such an investigation can provide guidelines to effectively tune the parameters of the detection algorithm to achieve specific performance requirements in terms of the above metrics.