Detection of unknown dos attacks by kolmogorov-complexity fluctuation

Authors:
Takayuki Furuya;Takahiro Matsuzaki;Kanta Matsuura
Affiliations:
Institute of Industrial Science, The University of Tokyo, Tokyo, Japan;Institute of Industrial Science, The University of Tokyo, Tokyo, Japan;Institute of Industrial Science, The University of Tokyo, Tokyo, Japan
Venue:
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Year:
2005

Citing 17
Cited 0

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Elements of information theory

Elements of information theory
An introduction to Kolmogorov complexity and its applications

An introduction to Kolmogorov complexity and its applications
Protecting routing infrastructures from denial of service using cooperative intrusion detection

NSPW '97 Proceedings of the 1997 workshop on New security paradigms
Protecting web servers from distributed denial of service attacks

Proceedings of the 10th international conference on World Wide Web
Service specific anomaly detection for network intrusion detection

Proceedings of the 2002 ACM symposium on Applied computing
Towards Network Denial of Service Resistant Protocols

Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
A practical method to counteract denial of service attacks

ACSC '03 Proceedings of the 26th Australasian computer science conference - Volume 16
IP Traceback: A New Denial-of-Service Deterrent?

IEEE Security and Privacy
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Towards multisensor data fusion for DoS detection

Proceedings of the 2004 ACM symposium on Applied computing
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Channel surfing and spatial retreats: defenses against wireless denial of service

Proceedings of the 3rd ACM workshop on Wireless security
Operational experiences with high-volume network intrusion detection

Proceedings of the 11th ACM conference on Computer and communications security
Design and implement of firewall-log-based online attack detection system

InfoSecu '04 Proceedings of the 3rd international conference on Information security
Intrusion detection: a brief history and overview

Computer
Proactive anomaly detection using distributed intelligent agents

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Detection of unknown Denial-of-Service (DoS) attacks is a hard issue. What attackers do is simply to consume a large amount of target resources. This simple feature allows attackers to create a wide variety of attack flows, and hence we must find a sophisticated general metric for detection. A possible metric is Kolmogorov Complexity (KC), a measure of the size of the smallest program capable of representing the given piece of data flows because DoS attacks, known or unknown, are anyway launched by computer programs. However, there are no established DoS-detection methods which make use of this possibility. And to make matters worse, it is well known that KC cannot be rigorously computed. In this paper, we compare three different KC estimation methods including a new proposal of our own, and propose a new DoS-detection method by monitoring fluctuation of KC differentials.