Title :
Real-time detection and containment of network attacks using QoS regulation
Author :
Kim, Seong Soo ; Reddy, A. L Narasimha
Author_Institution :
Dept. of Electr. Eng., Texas A&M Univ., College Station, TX, USA
Abstract :
In this paper, we present a network measurement mechanism that can detect and mitigate attacks and anomalous traffic in real-time using QoS regulation. The detection method rapidly pursues the dynamics of the network on the basis of correlation properties of the network protocols. By observing the proportion occupied by each traffic protocol and correlating it to that of previous states of traffic, it can be possible to determine whether the current traffic is behaving normally. When abnormalities are detected, our mechanism allows aggregated resource regulation of each protocol´s traffic. The trace-driven results show that the rate-based regulation of traffic characterized by protocol classes is a feasible vehicle for mitigating the impact of network attacks on end servers.
Keywords :
computer crime; invasive software; quality of service; routing protocols; telecommunication congestion control; telecommunication network management; telecommunication network reliability; telecommunication security; telecommunication traffic; QoS regulation; aggregated resource regulation; anomalous traffic; attack detection method; correlation properties; end servers; network attacks; network dynamics; network measurement mechanism; network protocols; protocol classes; rate-based traffic regulation; real-time containment; real-time detection; traffic previous states; traffic protocol; Communication system traffic control; Computer crime; Network servers; Protection; Protocols; Quality of service; Resource management; Telecommunication traffic; Traffic control; Web server;
Conference_Titel :
Communications, 2005. ICC 2005. 2005 IEEE International Conference on
Print_ISBN :
0-7803-8938-7
DOI :
10.1109/ICC.2005.1494367
