DocumentCode :
1700892
Title :
Anomaly-Based Identification of Large-Scale Attacks
Author :
Gamer, Thomas
Author_Institution :
Inst. of Telematics, Univ. of Karlsruhe, Karlsruhe, Germany
fYear :
2009
Firstpage :
1
Lastpage :
6
Abstract :
Large-scale attacks like distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based business. Thus, many attack detection systems using various anomaly detection methods were developed in the past. These detection systems result in a set of anomalies detected by analysis of the traffic behavior. A realtime identification of the attack type that is represented by those anomalies simplifies important tasks like taking countermeasures and visualizing the network state. In addition, an identification facilitates a collaboration of distributed heterogeneous detection systems. In this paper, we first lay the foundations for a generalized identification system by establishing a model of those entities that form anomaly-based attack detection: large-scale attacks, anomalies, and anomaly detection methods. Based on this flexible model, an adaptable and resource-aware system for the identification of large-scale attacks is developed that additionally offers an autonomous processing control.
Keywords :
Internet; security of data; telecommunication security; telecommunication traffic; DDoS; Internet-based business; anomaly-based identification; distributed denial-of-service; distributed heterogeneous detection systems; large-scale attacks; traffic behavior; Availability; Collaboration; Computer crime; Hardware; IP networks; Internet; Large-scale systems; Process control; Telecommunication traffic; Visualization;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Global Telecommunications Conference, 2009. GLOBECOM 2009. IEEE
Conference_Location :
Honolulu, HI
ISSN :
1930-529X
Print_ISBN :
978-1-4244-4148-8
Type :
conf
DOI :
10.1109/GLOCOM.2009.5426127
Filename :
5426127