A DoS/DDoS Attack Detection System Using Chi-Square Statistic Approach
Author
Abstract
Nowadays, users can easily access and download network attack tools from the Internet, and these tools often provide friendly interfaces and easily operated features. Therefore, even a naive hacker can launch a large-scale DoS or DDoS attack to prevent a system, i.e., the victim, from providing Internet services. In this paper, we propose an agent-based intrusion detection architecture, which is a distributed detection system, to detect DoS/DDoS attacks by invoking a statistical approach that compares source IP addresses' normal and current packet statistics to determine whether there is a DoS/DDoS attack. It first collects all source IPs' packet statistics so as to create their normal packet distribution. When some IPs' current packet distribution suddenly changes, this very often indicates an attack. Experimental results show that this approach can effectively detect DoS/DDoS attacks.
Similar resources
Extraction of Anomaly Accessed Ip Packets Features Using Statistical Method
To defend against DoS (Denial of Service) attacks, an access filtering mechanism is adopted in the firewall or the IDS (Intrusion Detection System). The difficulty in defining the filtering rules lies in distinguishing normal from anomalous packets among incoming packets. The purpose of our research is to explore an early detection method for anomalous accesses based on statistical analysis. In this ...
F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
Study on Auto Detecting Defence Mechanisms against Application Layer Ddos Attacks in SIP Server
Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a powerful attack which prevents the system from providing services to its legitimate users. Several approaches exist to filter network-level attacks, but application-level attacks are harder to detect at the firewall. Filtering at application level can be computationally expensive and difficult to scale, while still creating bo...
A System Approach to Network Modeling for DDoS Detection using a Naïve Bayesian Classifier
Denial of Service (DoS) attacks pose a big threat to any electronic society. DoS and DDoS attacks are catastrophic particularly when applied to highly sensitive targets like Critical Information Infrastructure. While research literature has focussed on using various fundamental classifier models for detecting attacks, the common trend observed in literature is to classify DoS attacks into the br...
A system approach to network modeling for DDoS detection using a Naïve Bayesian classifier
Denial of Service (DoS) attacks pose a big threat to any electronic society. DoS and DDoS attacks are catastrophic particularly when applied to highly sensitive targets like Critical Information Infrastructure. While research literature has focussed on using various fundamental classifier models for detecting attacks, the common trend observed in literature is to classify DoS attacks into the br...