Augmented Attack Tree Modeling of Distributed Denial of Services and Tree Based Attack Detection Method

Author

Wang, Jie ; Phan, Raphael C -W ; Whitley, John N. ; Parish, David J.

Author_Institution

Dept. of Electron. & Electr. Eng., Loughborough Univ., Loughborough, UK

fYear

2010

fDate

June 29 2010-July 1 2010

Firstpage

1009

Lastpage

1014

Abstract

Distributed Denial of Service (DDoS) is a serious computer network attack which can cause extreme performance degradation on the victim server. This paper presents a formal and methodical way of modeling DDoS attack by the method of Augmented Attack Tree (AAT), and presents an AAT-based attack detection algorithm. This modeling explicitly captures the particular subtle incidents triggered by DDoS and the corresponding state transitions from the view of the network traffic transmission on the primary victim server. Two major contributions are given in this paper: (1) an AAT-based DDoS model (ADDoSAT) is developed to assess the potential threat from the malicious packets transmission on the primary victim server and to facilitate the detection of such attacks; (2) an AAT-based bottom-up detection algorithm is proposed to detect all kinds of attacks based on AAT modeling.

Keywords

computer network security; trees (mathematics); augmented attack tree modeling; computer network attack; distributed denial of services; malicious packets transmission; tree based attack detection method; victim server; Computer crime; Databases; Detection algorithms; Floods; Image edge detection; Pediatrics; Servers; Augmented Attack Tree; Bottom-up; DDoS; Detection Algorithm; Modeling;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Conference_Location

Bradford

Print_ISBN

978-1-4244-7547-6

Type

conf

DOI

10.1109/CIT.2010.185

Filename

5578489