Anomaly-based identification of large-scale attacks

Authors:
Thomas Gamer
Affiliations:
Institute of Telematics, University of Karlsruhe, Germany
Venue:
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Year:
2009

Citing 11
Cited 1

A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
DDoS attacks and defense mechanisms: classification and state-of-the-art

Computer Networks: The International Journal of Computer and Telecommunications Networking
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Denial-of-Service Attack-Detection Techniques

IEEE Internet Computing
Identifying Intrusions in Computer Networks with Principal Component Analysis

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
The need for simulation in evaluating anomaly detectors

ACM SIGCOMM Computer Communication Review
Realistic simulation environments for IP-based networks

Proceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops
Distack -- A Framework for Anomaly-Based Large-Scale Attack Detection

SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
An extensible and flexible system for network anomaly detection

AN'06 Proceedings of the First IFIP TC6 international conference on Autonomic Networking
Network intrusion and fault detection: a statistical anomaly approach

IEEE Communications Magazine
Efficient Mining of the Multidimensional Traffic Cluster Hierarchy for Digesting, Visualization, and Anomaly Identification

IEEE Journal on Selected Areas in Communications

Collaborative anomaly-based detection of large-scale internet attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Large-scale attacks like Distributed Denial-of-Service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based business. Thus, many attack detection systems using various anomaly detection methods were developed in the past. These detection systems result in a set of anomalies detected by analysis of the traffic behavior. A realtime identification of the attack type that is represented by those anomalies simplifies important tasks like taking countermeasures and visualizing the network state. In addition, an identification facilitates a collaboration of distributed heterogeneous detection systems. In this paper, we first lay the foundations for a generalized identification system by establishing a model of those entities that form anomaly-based attack detection: large-scale attacks, anomalies, and anomaly detection methods. Based on this flexible model, an adaptable and resource-aware system for the identification of large-scale attacks is developed that additionally offers an autonomous processing control.