Title :
Application of anomaly detection algorithms for detecting SYN flooding attacks
Author :
Siris, Vasilios A. ; Papagalou, Fotini
Author_Institution :
Inst. of Comput. Sci., Found. for Res. & Technol. - Hellas, Heraklion, Greece
fDate :
29 Nov.-3 Dec. 2004
Abstract :
We investigate statistical anomaly detection algorithms for detecting SYN flooding, which is the most common type of denial of service (DoS) attack. The two algorithms considered are an adaptive threshold algorithm and a particular application of the cumulative sum (CUSUM) algorithm for change point detection. The performance is investigated in terms of the detection probability, the false alarm ratio, and the detection delay. Particular emphasis is on investigating the tradeoffs among these metrics and how they are affected by the parameters of the algorithm and the characteristics of the attacks. Such an investigation can provide guidelines to effectively tune the parameters of the detection algorithm to achieve specific performance requirements in terms of the above metrics.
Keywords :
Internet; computer crime; computer network management; probability; CUSUM algorithm; DoS attack; SYN flooding attacks; adaptive threshold algorithm; change point detection; cumulative sum algorithm; denial of service; detection delay; detection probability; false alarm ratio; statistical anomaly detection; Application software; Change detection algorithms; Computer crime; Computer science; Delay; Detection algorithms; Floods; Guidelines; TCPIP; Web and internet services;
Conference_Titel :
Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE
Print_ISBN :
0-7803-8794-5
DOI :
10.1109/GLOCOM.2004.1378372
