Enhancing the intrusion detection system is essential to maintain user confidence in the security of network services. However, the threat of intruders on Internet services is prevalent. This paper proposes a distributed edge-to-edge complementary approach for intrusion detection in a DiffServ/MPLS domain. The QoS metrics are inspected at the edge routers to determine anomalous behavior in the network traffic. Consumed ratios of one-way delay variation (OWDV) and packet loss are computed to monitor service level agreement (SLA) violations. The bandwidth ratio is measured to differentiate abnormal from normal traffic as well as to detect multiple intrusions launched simultaneously. We employed the SLA as a comparison scale to infer the deviation between the users' consumed ratios and the predefined ratios in the SLA. A service violation occurs, and an intrusion may be launched, when the predefined ratios are exceeded. The complementary services of the DiffServ and MPLS techniques guarantee accurate measurements, whereas the complementary measurements of active and passive techniques immunize network performance against scalability limitations. Simulation results indicate that the proposed approach is capable of monitoring SLA violations and can filter out the traffic of intruders who breach the SLA without disturbing the normal traffic of legitimate users.