Application of anomaly detection algorithms for detecting SYN flooding attacks

Authors:
Vasilios A. Siris;Fotini Papagalou
Affiliations:
Institute of Computer Science, Foundation for Research and TechnologyHellas (FORTH), P.O. Box 1385, GR 711 10 Heraklion, Crete, Greece;Institute of Computer Science, Foundation for Research and TechnologyHellas (FORTH), P.O. Box 1385, GR 711 10 Heraklion, Crete, Greece
Venue:
Computer Communications
Year:
2006

Citing 6
Cited 11

A statistical approach to predictive detection

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on selected topics in network and systems management
A non-instrusive, wavelet-based approach to detecting network performance problems

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Adaptive Thresholding for Proactive Network Problem Detection

SMW '98 Proceedings of the IEEE Third International Workshop on Systems Management
Aberrant Behavior Detection in Time Series for Network Monitoring

LISA '00 Proceedings of the 14th USENIX conference on System administration
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Computer system performance problem detection using time series models

Usenix-stc'93 Proceedings of the USENIX Summer 1993 Technical Conference on Summer technical conference - Volume 1

Characterising Anomalous Events Using Change - Point Correlation on Unsolicited Network Traffic

NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers

Information Security Applications
Temporal defenses for robust recommendations

PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
SLA-based complementary approach for network intrusion detection

Computer Communications
Distributed detection/localization of change-points in high-dimensional network traffic data

Statistics and Computing
PSO-SFDD: Defense against SYN flooding DoS attacks by employing PSO algorithm

Computers & Mathematics with Applications
Detecting signals of new technological opportunities using semantic patent analysis and outlier detection

Scientometrics
Improved anomaly detection using block-matching denoising

Computer Communications
LoRDAS: a low-rate dos attack against application servers

CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
A multilayer overlay network architecture for enhancing IP services availability against dos

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Detecting SYN flooding attacks based on traffic prediction

Security and Communication Networks

Quantified Score

Hi-index	0.24

Visualization

Abstract

We investigate statistical anomaly detection algorithms for detecting SYN flooding, which is the most common type of Denial of Service (DoS) attack. The two algorithms considered are an adaptive threshold algorithm and a particular application of the cumulative sum (CUSUM) algorithm for change point detection. The performance is investigated in terms of the detection probability, the false alarm ratio, and the detection delay, using workloads of real traffic traces. Particular emphasis is on investigating the tradeoffs among these metrics and how they are affected by the parameters of the algorithm and the characteristics of the attacks. Such an investigation can provide guidelines to effectively tune the parameters of the detection algorithm to achieve specific performance requirements in terms of the above metrics.