Visual analysis and detection of network flood attacks through Two-Layer density approach

Author

Mao Lin Huang ; Jinson Zhang

Author_Institution

Sch. of Comput. Software, Tianjin Univ., Tianjin, China

fYear

2013

fDate

12-13 Oct. 2013

Firstpage

625

Lastpage

629

Abstract

Flood attack patterns have variability depending on the network environment. It has been necessitated that the need for visual analysis within an Intrusion Detection System (IDS) is to identify these flood-attack patterns. The challenges are how to increase the accuracy of detection and how to visualize and present flood attack patterns in networks for early detection. In this paper, we propose a Two-Layer density model for flood attack detection. The first density layer describes sending-density and receiving-density in analyzing Internet traffic. The second density layer describes attack-density and normal-density in analyzing local network traffic at a victim site. Several visualization techniques are used to facilitate the detection process. The experiments demonstrate that the Two-Layer density model has significantly improved the accuracy of the detection of flood attacks and provides users with a better understanding of the nature of flood attacks.

Keywords

Internet; computer network security; telecommunication traffic; Internet traffic; attack-density; first density layer; flood attack pattern visualization; intrusion detection system; local network traffic; normal-density; receiving-density; sending-density; two-layer density model; victim site; Computer hacking; Floods; Joining processes; Ports (Computers); Telecommunication traffic; Visualization; Network security; attack density; flood attack pattern; information visualization; receiving density; sending density;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Network Technology (ICCSNT), 2013 3rd International Conference on

Conference_Location

Dalian

Type

conf

DOI

10.1109/ICCSNT.2013.6967191

Filename

6967191