Abnormality metrics to detect and protect against network attacks

Internet has been growing at an amazing rate and it becomes pervasive in all aspects of our life. On the other hand, the ubiquity of networked computers and their services has significantly increased their vulnerability to virus and worm attacks. To make pervasive systems and their services reliable and secure it becomes highly essential to develop on-line monitoring, analysis, and quantification of the operational state of such systems and services under a wide range of normal and abnormal workload scenarios. We prevent several abnormality metrics that can be used to detect abnormal behaviors and also can be used to quantify the impact of attach on pervasive system sendees. Our online monitoring approach is based on deploying software agents on selected routers, clients and servers to continuously monitor the measurement attributes and compute the abnormality metrics. Further, we use this metrics to quantify the impact of attacks on the individual components and on the system as a whole. This analysis leads to identify the most critical components in the system. We have built a test bed to experiment and evaluate the effectiveness of these metrics to detect several well-known network attacks such as MS SQL slammer worm attack, Denial of Service attack, and email worm spam.