
dc.contributor.author: Salem, Mohammed
dc.contributor.author: Armstrong, Helen
dc.contributor.editor: Craig Valli
dc.contributor.editor: Andrew Woodward
dc.date.accessioned: 2017-01-30T12:46:00Z
dc.date.available: 2017-01-30T12:46:00Z
dc.date.created: 2009-03-25T18:01:42Z
dc.date.issued: 2008
dc.identifier.citation: Salem, Mohammed and Armstrong, Helen. 2008. Identifying DOS attacks using data pattern analysis, in Craig Valli and Andrew Woodward (ed), The 6th Australian Information Security Management Conference, Dec. 1 2008, pp. 118-129. Perth, Australia: SECAU - Security Research Centre
dc.identifier.uri: http://hdl.handle.net/20.500.11937/24963
dc.description.abstract:

During a denial of service attack, it is difficult for a firewall to differentiate legitimate packets from rogue packets, particularly in large networks carrying substantial levels of traffic. Large networks commonly use network intrusion detection systems to identify such attacks; however, new viruses and worms can escape detection until their signatures are known and classified as an attack. Commonly used IDS are rule based and static, and produce a high number of false positive alerts. The aim of this research was to determine if it is possible for a firewall to self-learn by analysing its own traffic patterns. Statistical analyses of firewall logs for a large network were carried out and a baseline determined. Estimated traffic levels were projected using linear regression and Holt-Winter methods for comparison with the baseline. Rejected traffic falling outside the projected level for the network under study could indicate an attack. The results of the research were positive, with variance from the projected rejected packet levels successfully indicating an attack in the test network.

dc.publisher: SECAU - Security Research Centre
dc.title: Identifying DOS attacks using data pattern analysis
dc.type: Conference Paper
dcterms.source.startPage: 118
dcterms.source.endPage: 129
dcterms.source.title: Proceedings of the 6th Australian information security management conference
dcterms.source.series: Proceedings of the 6th Australian information security management conference
dcterms.source.isbn: 9780729806657
dcterms.source.conference: The 6th Australian Information Security Management Conference
dcterms.source.conference-start-date: Dec 1 2008
dcterms.source.conferencelocation: Perth, Australia
dcterms.source.place: Perth, Australia
curtin.accessStatus: Open access
curtin.faculty: Curtin Business School
curtin.faculty: School of Information Systems

