DocumentCode :
3366625
Title :
Early DoS Attack Detection using Smoothened Time-Series and Wavelet Analysis
Author :
Shinde, Pravin ; Guntupalli, Srinivas
Author_Institution :
CDAC, Mumbai
fYear :
2007
fDate :
29-31 Aug. 2007
Firstpage :
215
Lastpage :
220
Abstract :
Denial of Service (DoS) attacks are ubiquitous to computer networks. Flood-based attacks are a common class of DoS attacks. DoS detection mechanisms that aim at detecting floods mainly look for sudden changes in the traffic and mark them anomalous. In this paper, we propose a method that considers the traffic in a network as a time-series, smoothens it using an exponential moving average, and analyzes the smoothened wave using energy distribution based on wavelet analysis. The parameters we used to represent the traffic are the number of bytes received per unit time and the proportion between incoming and outgoing bytes. By analyzing the energy distribution in the wavelet form of a smoothened time-series, growth in the traffic, which is the result of a DoS attack, can be detected very early. As the parameters we considered represent different properties of the network, the accuracy of the detection will be very high and with fewer false positives.
Keywords :
computer networks; security of data; telecommunication traffic; time series; wavelet transforms; DoS attack detection; computer networks; denial of service; energy distribution; exponential moving average; flood detection; smoothened time-series; time-series; wavelet analysis; Computer crime; Computer networks; Computer security; Floods; Information security; Protocols; Telecommunication traffic; Time series analysis; Traffic control; Wavelet analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance and Security, 2007. IAS 2007. Third International Symposium on
Conference_Location :
Manchester
Print_ISBN :
0-7695-2876-7
Electronic_ISBN :
978-0-7695-2876-2
Type :
conf
DOI :
10.1109/IAS.2007.16
Filename :
4299777