An extensible and flexible system for network anomaly detection

Authors:
Thomas Gamer;Marcus Schöller;Roland Bless
Affiliations:
Institut für Telematik, Universität Karlsruhe (TH), Germany;Institut für Telematik, Universität Karlsruhe (TH), Germany;Institut für Telematik, Universität Karlsruhe (TH), Germany
Venue:
AN'06 Proceedings of the First IFIP TC6 international conference on Autonomic Networking
Year:
2006

Citing 7
Cited 3

Denial-of-Service Attacks Rip the Internet

Computer
Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
AEGIS: An Active-Network-Powered Defense Mechanism against DDoS Attacks

IWAN '01 Proceedings of the IFIP-TC6 Third International Working Conference on Active Networks
IBAN: Intrusion Blocker Based on Active Networks

DANCE '02 Proceedings of the 2002 DARPA Active Networks Conference and Exposition
Active Network Based DDoS Defense

DANCE '02 Proceedings of the 2002 DARPA Active Networks Conference and Exposition
The Spread of the Witty Worm

IEEE Security and Privacy
A detection and filter system for use against large-scale DDoS attacks in the internet backbone

IWAN'04 Proceedings of the 6th IFIP TC6 international working conference on Active networks

Distributed detection of large-scale attacks in the internet

CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Anomaly-based identification of large-scale attacks

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Collaborative anomaly-based detection of large-scale internet attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network hazards like attacks or misbehaving nodes are still a great obstacle for network operators. Distributed denial of service attacks and worm propagations do not only affect the attacked nodes but also the network itself by wasting network resources. In wireless ad hoc networks even more hazards exist due to its self-organizing characteristic. A detection of such network hazards as early as possible enables a fast deployment of appropriate countermeasures and thereby significantly improves network operation. Our proposed detection system uses programmable network technology to deploy such a system within the network itself. Doing this without influencing the routing performance seriously demands a resource saving architecture. We therefore propose to use a hierarchical architecture which runs a very small basic stage all the time and loads specialized detection modules on demand to verify the network hazard. In this paper we introduce our system which can detect DDoS attacks, worm propagations, and wormhole attacks.