DocumentCode :
2112095
Title :
Review Over Anomaly Detection Algorithms for Detecting SYN Flooding Attacks
Author :
Shaikh, Riaz A. ; Iqbal, Ahmad Ali ; Samad, Kashan
Author_Institution :
NUST Inst. of Inf. Technol., Rawalpindi
fYear :
2005
fDate :
27-27 Aug. 2005
Firstpage :
1
Lastpage :
5
Abstract :
Network anomalies usually refer to conditions in which network operations diverge from normal behavior. Anomaly detection in an IP network is a very complex task, because it depends on the nature of the data that is available for analysis. In this paper we give an overview of two statistical anomaly detection algorithms, the adaptive threshold algorithm and the cumulative SUM algorithm, specifically with respect to the anomaly caused by SYN flooding attacks. In the case of high-intensity SYN flooding attacks, both performed well and had a lower false alarm ratio, whereas in the case of low-intensity attacks the adaptive threshold algorithm's performance degrades and it shows high false alarms, while the cumulative sum algorithm's performance remains the same, with a lower false alarm ratio.
Keywords :
IP networks; statistical analysis; IP network; adaptive threshold algorithm; anomaly detection algorithms; false alarm ratio; flooding attack detection; network anomalies; performance degradation; statistical based anomaly detection algorithms; Broadcasting; Computer crime; Detection algorithms; File servers; Floods; IP networks; Network servers; Protocols; Storms; Telecommunication traffic; Adaptive threshold; Anomaly detection; Cumulative SUM; SYN Flooding;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Engineering Sciences and Technology, 2005. SCONEST 2005. Student Conference on
Conference_Location :
Karachi
Print_ISBN :
978-0-7803-9442-1
Electronic_ISBN :
978-0-7803-9442-1
Type :
conf
DOI :
10.1109/SCONEST.2005.4382870
Filename :
4382870