Identifying DOS attacks using data pattern analysis
During a denial of service attack, it is difficult for a firewall to differentiate legitimate packets from rogue packets, particularly in large networks carrying substantial levels of traffic. Large networks commonly use network intrusion detection systems (IDS) to identify such attacks; however, new viruses and worms can escape detection until their signatures are known and classified as an attack. Commonly used IDS are rule-based and static, and produce a high number of false positive alerts. The aim of this research was to determine whether a firewall can self-learn by analysing its own traffic patterns. Statistical analyses of firewall logs for a large network were carried out and a baseline determined. Estimated traffic levels were projected using linear regression and Holt-Winters methods for comparison with the baseline. Rejected traffic falling outside the projected level for the network under study could indicate an attack. The results of the research were positive, with variance from the projected rejected packet levels successfully indicating an attack in the test network.
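An illustration of the projection-and-compare idea in the abstract, added here and not taken from the research itself: additive Holt-Winters projects hourly rejected-packet counts one step ahead and flags hours that rise well above the projection. The smoothing parameters, the tolerance band, the 24-hour season and the sample counts are assumptions constructed for this example.

```python
import math

def holt_winters_anomalies(series, season, alpha=0.3, beta=0.05, gamma=0.3,
                           k=4.0, tol=0.5):
    """Additive Holt-Winters, one step ahead. Returns (index, observed, forecast)
    for points above forecast + max(k * smoothed |error|, tol * forecast).
    Only upward deviations are flagged: a flood raises the reject count."""
    if len(series) < 2 * season:
        raise ValueError("need two full seasons: one to initialise, one to warm up")
    first = series[:season]
    level = sum(first) / season
    trend = (sum(series[season:2 * season]) - sum(first)) / season ** 2
    seasonal = [x - level for x in first]
    dev, flagged = 0.0, []
    for t in range(season, len(series)):
        slot = t % season
        forecast = level + trend + seasonal[slot]
        err = series[t] - forecast
        y = series[t]
        # The second season only warms up the deviation estimate; no alerts yet.
        if t >= 2 * season and err > max(k * dev, tol * forecast):
            flagged.append((t, series[t], forecast))
            y = forecast  # keep the flood out of the learned baseline
        else:
            dev = gamma * abs(err) + (1 - gamma) * dev  # assumed: reuse gamma
        prev = level
        level = alpha * (y - seasonal[slot]) + (1 - alpha) * (level + trend)
        trend = beta * (level - prev) + (1 - beta) * trend
        seasonal[slot] = gamma * (y - level) + (1 - gamma) * seasonal[slot]
    return flagged

def sample_rejects(days=5, attack_hours=()):
    """Constructed hourly rejected-packet counts: daily cycle plus small jitter."""
    out = []
    for t in range(days * 24):
        normal = round(200 + 100 * math.sin(2 * math.pi * (t % 24) / 24))
        out.append(normal + (t * 37) % 7 - 3 + (900 if t in attack_hours else 0))
    return out

if __name__ == "__main__":
    counts = sample_rejects(attack_hours=(100, 101, 102))
    for t, seen, expected in holt_winters_anomalies(counts, 24):
        print(f"hour {t}: {seen} rejected, projected {expected:.0f}")
```

Flagged hours are replaced by their own forecast when the model state is updated, so a sustained flood does not pull the baseline upward and mask itself.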