CNR Institutional Research Information System

The ability to identify anomalous traffic patterns is a central issue for network managers: primarily lots of problems could arise from network attacks, such as viruses and tunneling tools. In this paper we present a detection algorithm able to extract information analyzing features of the network traffic containing attacks. The algorithm exploits statistical methodologies for traffic categorization. To assess the practical usability of the proposed algorithms we have tested its application in a case of abuse of resources through an application DoS attack known as slowloris. We have obtained an excellent reliability both analyzing single samples of traffic (100% of anomalies detection, with 1% probability of false positives) and processing multiple samples, through an average measurement (100% of anomalies detection, with a distance between traffics of 5.29 sigma, providing an extremely low false positive error rate).

A Similarity Based Approach for Application DoS Attacks Detection

Maurizio Aiello;Enrico Cambiaso;Silvia Scaglione;Gianluca Papaleo

2013

Abstract

The ability to identify anomalous traffic patterns is a central issue for network managers: primarily lots of problems could arise from network attacks, such as viruses and tunneling tools. In this paper we present a detection algorithm able to extract information analyzing features of the network traffic containing attacks. The algorithm exploits statistical methodologies for traffic categorization. To assess the practical usability of the proposed algorithms we have tested its application in a case of abuse of resources through an application DoS attack known as slowloris. We have obtained an excellent reliability both analyzing single samples of traffic (100% of anomalies detection, with 1% probability of false positives) and processing multiple samples, through an average measurement (100% of anomalies detection, with a distance between traffics of 5.29 sigma, providing an extremely low false positive error rate).

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno
	
				2013
			
	Strutture organizzative
	
				Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT
			
	Lingua/e
	
				Inglese
			
	Serie
	
				PROCEEDINGS - IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS
			
	Titolo del convegno
	
				IEEE Symposium on Computers and Communications
			
	Da pagina
	
				000430
			
	A pagina
	
				000435
			
	Numero di pagine
	
				6
			
	Codice DOI
	
				https://dx.doi.org/10.1109/ISCC.2013.6754984
			
	URL
	
				http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=6754984
			
	Periodo del Convegno
	
				7-10 July 2013
			
	Luogo del Convegno
	
				Split, Croatia
			
	Parole chiave
	
				anomaly based detection
network traffic characterization
slow dos attack
			
	Altre informazioni
	
				ISBN del volume contenente gli atti del convegno: 978-1-4799-3755-4
			
	Codice Scopus
	
				2-s2.0-84897451847
			
	Codice Web of Science
	
				WOS:000352089400068
			
	Numero autori
	
				4
			
	Fulltext
	
				none
			
	Tutti gli autori
	
						Maurizio Aiello; Enrico Cambiaso; Silvia Scaglione; Gianluca Papaleo
					
	Tipologia Login Miur
	
				273
			
	Tipologia
	
				info:eu-repo/semantics/conferenceObject
			
	Tipologia
	
				04 Contributo in convegno::04.01 Contributo in Atti di convegno
			
	Appare nelle tipologie:
	
				04.01 Contributo in Atti di convegno

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/295167

Citazioni

ND

27

2

social impact