Title :
A similarity based approach for application DoS attacks detection
Author :
Aiello, Marco ; Cambiaso, Enrico ; Scaglione, Silvia ; Papaleo, Gianluca
Author_Institution :
IEIIT, Genoa, Italy
Abstract :
The ability to identify anomalous traffic patterns is a central issue for network managers: primarily lots of problems could arise from network attacks, such as viruses and tunneling tools. In this paper we present a detection algorithm able to extract information analyzing features of the network traffic containing attacks. The algorithm exploits statistical methodologies for traffic categorization. To assess the practical usability of the proposed algorithms we have tested its application in a case of abuse of resources through an application DoS attack known as slowloris. We have obtained an excellent reliability both analyzing single samples of traffic (100% of anomalies detection, with 1% probability of false positives) and processing multiple samples, through an average measurement (100% of anomalies detection, with a distance between traffics of 5.29 σ, providing an extremely low false positive error rate).
Keywords :
computer network security; statistical analysis; telecommunication traffic; anomalous traffic pattern identification; application DoS attacks detection; network attacks; network traffic; similarity based approach; slowloris; statistical methodologies; traffic categorization; tunneling tools; viruses; Computer crime; Equations; Internet; Intrusion detection; Protocols; Servers; Standards; anomaly based detection; network traffic characterization; slow dos attack;
Conference_Titel :
Computers and Communications (ISCC), 2013 IEEE Symposium on
Conference_Location :
Split
DOI :
10.1109/ISCC.2013.6754984
