Modeling Distributed Network Attacks with Constraints
Authors
Abstract
In this work we demonstrate how to model and perform the detection of distributed network attacks using NeMODe, a declarative system for computer network intrusion detection. NeMODe provides a declarative Domain Specific Language for describing computer network intrusion signatures that span several network packets. A signature states constraints over network packets, thus describing relations between several packets in a declarative and expressive way.
Similar resources
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several attacks; distributed denial of service (DDoS) attacks on networks are one example of such attacks. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
Random Key Pre-Distribution Techniques against Sybil Attacks
Sybil attacks pose a serious threat for Wireless Sensor Networks (WSN) security. They can create problems in routing, voting schemes, decision making, distributed storage and sensor re-programming. In a Sybil attack, the attacker masquerades as multiple sensor identities that are actually controlled by one or a few existing attacker nodes. Sybil identities are fabricated out of stolen keys, obt...
Multi-agent Modeling and Simulation of Distributed Denial-of-service Attacks on Computer Networks
The move toward practical use of modern naval network-centric warfare (NCW) brings with it the benefits caused by applying distributed computing to gain superiority over its adversary. However, the adversary will attempt to attack information infrastructures used in NCW. One effective means of destruction of such infrastructures is the use of distributed denial-of-service (DDoS) attacks. The pr...
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...