DocumentCode
2329194
Title
NIS04-1: Wavelet-based Detection of DoS Attacks
Author
Dainotti, Alberto ; Pescape, Antonio ; Ventre, Giorgio
Author_Institution
Univ. of Napoli, Naples
fYear
2006
fDate
Nov. 27 2006-Dec. 1 2006
Firstpage
1
Lastpage
6
Abstract
Automated detection of anomalies in network traffic is an important and challenging task. In this work we propose an automated system to detect volume-based anomalies in network traffic caused by denial of service (DoS) attacks. The system has a two-stage architecture that combines more traditional approaches (adaptive threshold and cumulative sum) with a novel one based on the continuous wavelet transform. Thanks to the proposed architecture, we obtain good results in terms of the tradeoff between correct detections and false alarms, estimation of anomaly duration, and ability to distinguish between subsequent anomalies. We test our system using a set of publicly available traffic traces onto which we superimpose anomalies related to real DoS attack tools. Extensive test results show how the proposed system accurately detects a wide range of anomalies and how the performance indicators are affected by anomaly characteristics (i.e., amplitude and duration).
Keywords
IP networks; telecommunication security; telecommunication traffic; wavelet transforms; DoS attack; IP network traffic; anomaly detection; continuous wavelet transform; denial-of-service attack; Aggregates; Computer crime; Continuous wavelet transforms; Discrete wavelet transforms; Performance analysis; System testing; Telecommunication traffic; Time series analysis; Wavelet coefficients; Wavelet transforms;
fLanguage
English
Publisher
ieee
Conference_Titel
Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE
Conference_Location
San Francisco, CA
ISSN
1930-529X
Print_ISBN
1-4244-0356-1
Electronic_ISBN
1930-529X
Type
conf
DOI
10.1109/GLOCOM.2006.279
Filename
4150909