Proceedings ArticleDOI

A system approach to network modeling for DDoS detection using a Naïve Bayesian classifier

TLDR
The approach to a carefully engineered, practically realised system to detect DoS attacks using a Naïve Bayesian (NB) classifier is described, which includes network modeling for two protocols - TCP and UDP.
Abstract
Denial of Service (DoS) attacks pose a big threat to any electronic society. DoS and DDoS attacks are catastrophic particularly when applied to highly sensitive targets like Critical Information Infrastructure. While research literature has focussed on using various fundamental classifier models for detecting attacks, the common trend observed in literature is to classify DoS attacks into the broad class of intrusions, which makes proposed solutions to this class of attacks unrealistic in practical terms. In this work, the approach to a carefully engineered, practically realised system to detect DoS attacks using a Naive Bayesian (NB) classifier is described. The work includes network modeling for two protocols - TCP and UDP.


Citations
DissertationDOI

Intrusion detection using probabilistic graphical models

Liyuan Xiao
TL;DR: A Bayesian classifier by Bayesian Model Averaging (BMA) is built over the k-best Bayesian network classifiers, which shows that the BNMA classifier performs significantly better in terms of detection accuracy and Area Under ROC (AUC) than the Naive Bayes classifier and the Bayesian networks built with heuristic method.
Book ChapterDOI

Protective Frameworks and Schemes to Detect and Prevent High Rate DoS/DDoS and Flash Crowd Attacks: A Comprehensive Review

TL;DR: This review paper evaluates and describes the effectiveness of different existing Frameworks and Schemes for Detecting and Preventing High Rate DoS/DDoS and Flash Crowd attacks.
Dissertation

Mitigating DDoS attacks using data mining and density-based geographical clustering

TL;DR: This thesis presents a paradigm for countering DDoS attacks at the targeted victim by using elements from data mining and machine learning, and proposes two novel methods that focus on identifying hidden data structures in historical traffic to differentiate legitimate traffic from abnormal traffic.
Book ChapterDOI

Trends in Application of Machine Learning to Network-Based Intrusion Detection Systems

TL;DR: The paper analyzes the state of research of four particular ML techniques regarding their success in implementation as NIDS – Bayesian Networks (BN), Support Vector Machines (SVM), Artificial Neural Networks (ANN) and Self-organizing Maps (SOM).
Book ChapterDOI

Endpoint mitigation of DDoS attacks based on dynamic thresholding

TL;DR: The proposed endpoint mitigation method based on the dynamic thresholding of DDoS defense policies according to the usage changes of system resources automatically adjusts current defense thresholds in conjunction with the strength of usage change to overcome the problem caused by the fixed thresholds.
References
Journal ArticleDOI

A taxonomy of DDoS attack and DDoS defense mechanisms

TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Proceedings ArticleDOI

Statistical approaches to DDoS attack detection and response

TL;DR: Methods to identify DDoS attacks by computing entropy and frequency-sorted distributions of selected packet attributes and how the detectors can be extended to make effective response decisions are presented.
Proceedings Article

Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks.

TL;DR: [...]s to clients making service requests. To complete its request, a client must solve its puzzle correctly. In this paper we describe the client puz[...]ation and give a rigorous proof
Book ChapterDOI

DOS-Resistant Authentication with Client Puzzles

TL;DR: In this paper, the authors show how stateless authentication protocols and the client puzzles of Juels and Brainard can be used to prevent denial of service by server resource exhaustion in open communications networks.