A model of conversation exchange dynamics for detection of epidemic-style network attacks

Author

Mylavarapu, S. ; Zachary, J. ; Ettlich, D. ; McEachen, J. ; Ford, D.

Author_Institution

South Carolina Univ., Columbia, SC, USA

Volume

3

fYear

2004

fDate

25-28 July 2004

Abstract

Epidemic-style network attacks, such as worms, have increased in frequency over the past several years as computer networks have grown in bandwidth and scope. Mechanisms to contain these types of attacks depend on rapid and effective detection of their existence, which corresponds to anomalous network traffic behavior. These behaviors are typically associated with denial of service, probing, and buffer overflow attacks. We present a model called conversation exchange dynamics (CED) and analyze its ability to detect network anomalies by observing anomalous packets amongst traffic generated in a controlled test environment. We present configuration issues and show the successful ability of this model to detect anomalous packets and even network attacks that exhibit behavior pathologies similar to network worms.

Keywords

computer networks; security of data; anomalous network traffic behavior; anomalous packets; buffer overflow attacks; computer networks; conversation exchange dynamic model; denial of service; epidemic style network attack detection; probing; Bandwidth; Buffer overflow; Communication system traffic control; Computer crime; Computer networks; Computer worms; Frequency; Pathology; Testing; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

Circuits and Systems, 2004. MWSCAS '04. The 2004 47th Midwest Symposium on

Print_ISBN

0-7803-8346-X

Type

conf

DOI

10.1109/MWSCAS.2004.1354334

Filename

1354334