Large-scale attacks like Distributed Denial-of-Service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based business. Many attack detection systems using various anomaly detection methods have therefore been developed in the past. These detection systems produce a set of anomalies detected by analyzing traffic behavior. Real-time identification of the attack type represented by those anomalies simplifies important tasks like taking countermeasures and visualizing the network state. In addition, identification facilitates collaboration among distributed heterogeneous detection systems. In this paper, we first lay the foundations for a generalized identification system by establishing a model of the entities that form anomaly-based attack detection: large-scale attacks, anomalies, and anomaly detection methods. Based on this flexible model, we develop an adaptable and resource-aware system for the identification of large-scale attacks that additionally offers autonomous processing control.