Publication: Lightweight detection of DoS attacks
Issued Date
2007-12-01
Resource Type
Other identifier(s)
2-s2.0-48149114703
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
ICON 2007 - Proceedings of the 2007 15th IEEE International Conference on Networks. (2007), 77-82
Suggested Citation
Sirikarn Pukkawanna, Vasaka Visoottiviseth, Panita Pongpaibool Lightweight detection of DoS attacks. ICON 2007 - Proceedings of the 2007 15th IEEE International Conference on Networks. (2007), 77-82. doi:10.1109/ICON.2007.4444065 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/24386
Research Projects
Organizational Units
Authors
Journal Issue
Thesis
Title
Lightweight detection of DoS attacks
Other Contributor(s)
Abstract
Denial of Service (DoS) attacks have continued to evolve and impact availability of the Internet infrastructure. Many researchers in the field of network security and system survivability have been developing mechanisms to detect DoS attacks. By doing so they hope to maximize accurate detections (true-positive) and minimize non-justified detections (false-positive). This research proposes a lightweight method to identify DoS attacks by analyzing host behaviors. Our method is based on the concept of BLINd Classification or BLINC: no access to packet payload, no knowledge of port numbers, and no additional information other than what current flow collectors provide. Rather than using pre-defined signatures or rules as in typical Intrusion Detection Systems, BLINC maps flows into graphlets of each attack pattern. In this work we create three types of graphlets for the following DoS attack patterns: SYN flood, ICMP flood, and host scan. Results show that our method can identify all occurrences and all hosts associated with attack activities, with a low percentage of false positive. © 2007 IEEE.