Title :
SPADE: Statistical Packet Acceptance Defense Engine
Author :
Tzur-David, Shimrit ; Avissar, Harel ; Dolev, Danny ; Anker, Tal
Author_Institution :
Hebrew Univ. Of Jerusalem, Jerusalem, Israel
Abstract :
A security engine should detect network traffic attacks at line-speed. "Learning" capabilities can help detecting new and unknown threats even before a vulnerability is exploited. The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies. This paper focuses on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detecting and preventing of attacks. The main challenges include minimizing the false-positive rate and the memory consumption. SPADE: a Statistical Packet Acceptance Defense Engine is presented. SPADE is an accurate engine that uses an hierarchical adaptive structure to detect suspicious traffic using a relatively small memory footprint, therefore can be easily applied on hardware. SPADE is based on the assumption that during DoS/DDoS attacks, a significant portion of the traffic that is seen belongs to the attack, therefore, SPADE applies a statistical mechanism to primarily filter the attack\´s traffic.
Keywords :
computer network security; distributed processing; telecommunication traffic; SPADE; denial of service attack; distributed DoS; memory consumption; memory footprint; network traffic attack; security engine; statistical packet acceptance defense engine; Accuracy; Computer crime; Engines; History; IP networks; Protocols; Software;
Conference_Titel :
High Performance Switching and Routing (HPSR), 2010 International Conference on
Conference_Location :
Richardson, TX
Print_ISBN :
978-1-4244-6969-7
Electronic_ISBN :
978-1-4244-6970-3
DOI :
10.1109/HPSR.2010.5580287
