Proceedings Article

Real-Time Detection of Stealthy DDoS Attacks Using Time-Series Decomposition

TLDR
A detection approach based on time-series decomposition is proposed. It divides the original time series into trend and random components, then applies a double autocorrelation technique to the trend component and an improved cumulative sum technique to the random component to detect anomalies in both.
Abstract
Recently, many new types of distributed denial of service (DDoS) attacks have emerged, posing a great challenge to intrusion detection systems. In this paper, we introduce a new type of DDoS attack called the stealthy DDoS attack, which can be launched by sophisticated attackers. Such attacks differ from traditional DDoS attacks in that they cannot be detected effectively by previous detection methods. In response to this type of DDoS attack, we propose a detection approach based on time-series decomposition, which divides the original time series into trend and random components. It then applies a double autocorrelation technique and an improved cumulative sum technique to the trend and random components, respectively, to detect anomalies in both components. By separately examining each component and synthetically evaluating the overall results, the proposed approach can greatly reduce not only false positives and negatives but also detection latency. In addition, to make our method more generally applicable, we apply an adaptive sliding window to our real-time algorithm. We evaluate the performance of the proposed approach using real Internet traces, demonstrating its effectiveness.


Citations
Journal Article

Stealthy Denial of Service Strategy in Cloud Computing

TL;DR: This paper proposes a strategy to orchestrate stealthy attack patterns, which exhibit a slowly-increasing-intensity trend designed to inflict the maximum financial cost to the cloud customer, while respecting the job size and the service arrival rate imposed by the detection mechanisms.
Journal Article

A confidence-based filtering method for DDoS attack defense in cloud environment

TL;DR: The result shows that CBF has a high scoring speed, a small storage requirement, and an acceptable filtering accuracy, which specifically satisfies the real-time filtering requirements in a cloud environment.
Proceedings Article

CBF: A Packet Filtering Method for DDoS Attack Defense in Cloud Environment

TL;DR: The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in a cloud environment.
Proceedings Article

Sophisticated Denial of Service attacks aimed at application layer

TL;DR: This paper considers sophisticated attacks that use legitimate application-layer requests from legitimately connected network machines to overwhelm a Web server, and proposes several mechanisms that can be used for application DoS/DDoS attack detection.
Patent

System and method for correlating historical attacks with diverse indicators to generate indicator profiles for detecting and predicting future network attacks

TL;DR: In this article, an apparatus and method predict and detect network attacks by using a diverse set of indicators to measure aspects of the traffic and by encoding traffic characteristics using these indicators of potential attacks or anomalous behavior.
References
Journal Article

Time Series Analysis.

Journal Article

Time series analysis

James D. Hamilton - 01 Feb 1997
TL;DR: An ordered sequence of events or observations having a time component is called a time series; good examples are daily opening and closing stock prices, daily humidity, temperature, pressure, the annual gross domestic product of a country, and so on.
Journal Article

Detection of abrupt changes: theory and application

TL;DR: A unified framework is presented for the design and performance analysis of algorithms for solving change detection problems, and links with the analytical redundancy approach to fault detection in linear systems are established.
Journal Article

A taxonomy of DDoS attack and DDoS defense mechanisms

TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Proceedings Article

Inferring internet denial-of-service activity

TL;DR: This article presents a new technique, called “backscatter analysis,” that provides a conservative estimate of worldwide denial-of-service activity, which the authors believe is the first to provide quantitative estimates of Internet-wide denial-of-service activity.