Characteristics of wide-area TCP/IP conversations
SIGCOMM '91 Proceedings of the conference on Communications architecture & protocols
Detection of abrupt changes: theory and application
TCP/IP illustrated (vol. 1): the protocols
On the self-similar nature of Ethernet traffic (extended version)
IEEE/ACM Transactions on Networking (TON)
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
Fast and scalable layer four switching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
High-speed policy-based packet forwarding using efficient multi-dimensional range matching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Defending against denial of service attacks in Scout
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Packet classification on multiple fields
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
IP packet generation: statistical models for TCP start times based on connection-rate superposition
Proceedings of the 2000 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
What TCP/IP protocol headers can tell us about the web
Proceedings of the 2001 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Pop-level and access-link-level traffic dynamics in a tier-1 POP
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Computer
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
Detection and analysis of routing loops in packet traces
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
Analysis of link failures in an IP backbone
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Layer-4 Service Differentiation and Resource Isolation
RTAS '02 Proceedings of the Eighth IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS'02)
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
Analyzing Distributed Denial of Service Tools: The Shaft Case
LISA '00 Proceedings of the 14th USENIX conference on System administration
Defensive programming: using an annotation toolkit to build DoS-resistant software
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
Resisting SYN flood DoS attacks with a SYN cache
BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Anomaly detection in IP networks
IEEE Transactions on Signal Processing
Wide-area Internet traffic patterns and characteristics
IEEE Network: The Magazine of Global Internetworking
IDGraphs: Intrusion Detection and Analysis Using Stream Compositing
IEEE Computer Graphics and Applications
IEEE Transactions on Dependable and Secure Computing
Protecting TCP services from denial of service attacks
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Orchestration of Network-Wide Active Measurements for Supporting Distributed Computing Applications
IEEE Transactions on Computers
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
Robust and efficient detection of DDoS attacks for large-scale internet
Computer Networks: The International Journal of Computer and Telecommunications Networking
Reversible sketches: enabling monitoring and analysis over high-speed data streams
IEEE/ACM Transactions on Networking (TON)
Distributed change-point detection of DDoS attacks: experimental results on DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Detection workload in a dynamic grid-based intrusion detection environment
Journal of Parallel and Distributed Computing
Protecting information infrastructure from DDoS attacks by MADF
International Journal of High Performance Computing and Networking
Optimizing away joins on data streams
SSPS '08 Proceedings of the 2nd international workshop on Scalable stream processing system
On Modeling Counteraction against TCP SYN Flooding
Information Networking. Towards Ubiquitous Networking and Services
A prediction-based detection algorithm against distributed denial-of-service attacks
Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly
On the detection of signaling DoS attacks on 3G/WiMax wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Accurate anomaly detection through parallelism
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Characterising Anomalous Events Using Change-Point Correlation on Unsolicited Network Traffic
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Traceback-based Bloomfilter IPS in defending SYN flooding attack
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Highspeed and flexible source-end DDoS protection system using IXP2400 network processor
IPOM'07 Proceedings of the 7th IEEE international conference on IP operations and management
A distributed detecting method for SYN flood attacks and its implementation using mobile agents
MATES'09 Proceedings of the 7th German conference on Multiagent system technologies
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency
Computer Networks: The International Journal of Computer and Telecommunications Networking
Forecasting-based sampling decision for accurate and scalable anomaly detection
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
AnomBench: a benchmark for volume-based internet anomaly detection
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Automatically generating models for botnet detection
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
On accurate and scalable anomaly detection in next generation mobile network
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
International Journal of Network Management
Understanding and evaluating the impact of sampling on anomaly detection techniques
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Expert Systems with Applications: An International Journal
DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis
IEEE/ACM Transactions on Networking (TON)
PAL: Propagation-aware Anomaly Localization for cloud hosted distributed applications
SLAML '11 Managing Large-scale Systems via the Analysis of System Logs and the Application of Machine Learning Techniques
Safeguard information infrastructure against DDoS attacks: experiments and modeling
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Intrusion detection with CUSUM for TCP-Based DDoS
EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Anomaly-Based intrusion detection algorithms for wireless networks
WWIC'10 Proceedings of the 8th international conference on Wired/Wireless Internet Communications
A multilayer overlay network architecture for enhancing IP services availability against DoS
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
How well can congestion pricing neutralize denial of service attacks?
Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
Flooding attacks detection in backbone traffic using power divergence
Proceedings of the 7th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks
Thwarting DDoS attacks in grid using information divergence
Future Generation Computer Systems
Detecting SYN flooding attacks based on traffic prediction
Security and Communication Networks
FireCol: a collaborative protection network for the detection of flooding DDoS attacks
IEEE/ACM Transactions on Networking (TON)
International Journal of Information Security and Privacy
On estimating actuation delays in elastic computing systems
Proceedings of the 8th International Symposium on Software Engineering for Adaptive and Self-Managing Systems
Evaluation on multivariate correlation analysis based denial-of-service attack detection system
Proceedings of the First International Conference on Security of Internet of Things
ACTIDS: an active strategy for detecting and localizing network attacks
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
This paper presents a simple and robust mechanism, called Change-Point Monitoring (CPM), to detect denial of service (DoS) attacks. The core of CPM is based on the inherent network protocol behaviors and is an instance of Sequential Change Point Detection. To make the detection mechanism insensitive to sites and traffic patterns, a nonparametric Cumulative Sum (CUSUM) method is applied, thus making the detection mechanism robust, more generally applicable, and its deployment much easier. CPM does not require per-flow state information and only introduces a few variables to record the protocol behaviors. The statelessness and low computation overhead of CPM make it immune to any flooding attacks. As a case study, the efficacy of CPM is evaluated by detecting a SYN flooding attack, the most common DoS attack. The evaluation results show that CPM has short detection latency and high detection accuracy.
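The abstract describes the detector only in outline: a handful of counters tracking a protocol invariant (for TCP, every SYN that opens a connection is normally matched by a FIN or RST that closes it), fed into a nonparametric CUSUM so that no traffic model has to be fitted per site. The following is an added illustration written for this page, not code from the paper or its authors. It keeps per-interval SYN and FIN counts only (no per-flow state), normalizes the SYN/FIN imbalance by a running average of FIN counts, and raises an alarm when the CUSUM statistic crosses a threshold. The normalization choice, the drift parameter `a`, the EWMA weight `alpha`, the threshold, and the sample traffic are assumptions of this example and are not taken from the paper.

```python
"""Nonparametric CUSUM over per-interval SYN/FIN counts (added example).

State carried between intervals is two floats (f_bar, y); nothing is
kept per flow, which is what makes the detector itself cheap to flood.
"""


def nonparametric_cusum(syn_counts, fin_counts, alpha=0.1, a=0.5, threshold=3.0):
    """Run a nonparametric CUSUM over aligned per-interval SYN and FIN counts.

    For each interval n:
      x_n = (SYN_n - FIN_n) / f_bar        # imbalance, scaled by typical FIN volume
      z_n = x_n - a                        # subtract drift so normal traffic has E[z] < 0
      y_n = max(0, y_{n-1} + z_n)          # CUSUM accumulates only positive excursions
      alarm when y_n > threshold
    f_bar is an EWMA of FIN counts (assumed normalization, not the paper's exact form).
    Returns a list of (interval, x_n, y_n, alarm) tuples.
    """
    if len(syn_counts) != len(fin_counts) or not syn_counts:
        raise ValueError("need equally sized, non-empty count series")

    f_bar = float(fin_counts[0])  # seed the FIN average with the first observation
    y = 0.0
    trace = []
    for n, (syn, fin) in enumerate(zip(syn_counts, fin_counts)):
        x = (syn - fin) / max(f_bar, 1.0)  # guard against a zero FIN average
        z = x - a
        y = max(0.0, y + z)
        trace.append((n, round(x, 3), round(y, 3), y > threshold))
        # Update the FIN average after use so interval n is judged against history only.
        f_bar = (1.0 - alpha) * f_bar + alpha * fin
    return trace


def first_alarm(trace):
    """Index of the first interval whose CUSUM exceeded the threshold, or None."""
    for n, _, _, alarm in trace:
        if alarm:
            return n
    return None


# Constructed sample: ten intervals of balanced traffic (SYNs roughly equal FINs),
# then four intervals where SYNs jump while FINs stay flat, as in a SYN flood.
SAMPLE_SYN = [100, 105, 98, 102, 99, 101, 103, 97, 100, 104, 600, 650, 700, 680]
SAMPLE_FIN = [98, 104, 100, 101, 100, 99, 102, 98, 101, 103, 100, 101, 99, 102]


def run_demo():
    """Run the detector over the constructed sample and return the trace."""
    return nonparametric_cusum(SAMPLE_SYN, SAMPLE_FIN)


if __name__ == "__main__":
    for n, x, y, alarm in run_demo():
        print(f"interval {n:2d}  x={x:7.3f}  y={y:7.3f}  {'ALARM' if alarm else ''}")
    print("first alarm at interval:", first_alarm(run_demo()))
```

During the balanced intervals the scaled imbalance stays near zero, the drift term keeps `z` negative, and the statistic is pinned at zero; the first flood interval alone pushes `y` past the threshold, which is the short detection latency the abstract refers to. Tuning in practice means choosing `a` above the normal imbalance level and `threshold` high enough that bursty but legitimate connection setup does not trip it.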