Title :
A summary of detection of denial-of-QoS attacks on DiffServ networks
Author :
Wu, Xiaoyong ; Mahadik, Vinay A. ; Reeves, Douglas S.
Abstract :
This paper summarizes our approach to detecting denial-of-QoS attacks on DiffServ networks. Our approach focuses on online quick detection, scalability to large networks, and a low false alarm generation rate. Sensors sample QoS metrics at strategic points, and we detect anomalies in sampled network flow statistics using the χ² and EWMA Control Chart test methods. We also use rule-based intrusion detection of SLA as a complement to these techniques. We have tested our intrusion detection approach using emulation on a testbed, and using simulation. Attacks are detected 100% of the time, and require from under a minute to approximately 15 minutes to detect. The false alarm rate at the sensitivity level used to achieve these detection results is less than 1%. These results make our work a strong candidate for deployment.
Keywords :
Internet; authorisation; military computing; quality of service; statistical testing; telecommunication traffic; DARPA; DiffServ networks; EWMA Control Chart; SLA; anomaly detection; chi squared test; denial-of-QoS attacks; false alarm generation rate; online quick detection; rule-based intrusion detection; sampled network flow statistics; scalability; service level agreement; Control charts; Emulation; Intrusion detection; Scalability; Statistical analysis; Testing;
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194978