Remote detection of bottleneck links using spectral and statistical methods

He, Xinming; Papadopoulos, Christos; Heidemann, John; Mitra, Urbashi; Riaz, Usman

doi:10.1016/j.comnet.2008.10.001

Cited by 43 publications

(47 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They find that the method is able to detect different attacks in a few seconds. It is also identified that bit-rate SNR is more effective to detect network traffic anomalies as compared to earlier proposed packet SNR in [80]. They evaluate both metrics through bPDM and conclude that bit-rate SNR is better in terms of detection time.…”

Section: Defense Against Application Layer Ddos Attacksmentioning

confidence: 90%

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

Aamir

Zaidi

2013

IIS

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks exhaust victim's bandwidth or services. Traditional architecture of Internet is vulnerable to DDoS attacks and an ongoing cycle of attack & defense is observed. A recent attack report of year 2013 -'Quarter 1' from Prolexic Technologies identifies that 1.75 percent increase in total number of DDoS attacks has been recorded as compared to similar attacks of previous year's last quarter. In this paper, different types and techniques of DDoS attacks and their countermeasures are surveyed. The significance of this paper is the coverage of many aspects of countering DDoS attacks including new research on the topic. We survey different papers describing methods of defense against DDoS attacks based on entropy variations, traffic anomaly parameters, neural networks, device level defense, botnet flux identifications, application layer DDoS defense and countermeasures in wireless networks, CCN & cloud computing environments. We also discuss some traditional methods of defense such as traceback and packet filtering techniques, so that readers can identify major differences between traditional and current techniques of defense against DDoS attacks. We identify that application layer DDoS attacks possess the ability to produce greater impact on the victim as they are driven by legitimate-like traffic, making it quite difficult to identify and distinguish from legitimate requests. The need of improved defense against such attacks is therefore more demanding in research. The study conducted in this paper can be helpful for readers and researchers to recognize better techniques of defense in current times against DDoS attacks and contribute with more research on this topic in the light of future challenges identified in this paper.

show abstract

Section: Defense Against Application Layer Ddos Attacksmentioning

confidence: 90%

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

Aamir

Zaidi

2013

IIS

View full text Add to dashboard Cite

show abstract

“…Spectral techniques have been employed to identify bottleneck links [7], [8] and routing information [15] as well as a range of network anomalies [1], [12]. Magnaghi et al detect anomalies within TCP flows using a wavelet-based approach to identify network misconfigurations [12].…”

Section: Related Workmentioning

confidence: 99%

Low-rate, flow-level periodicity detection

Bartlett¹,

Heidemann²,

Papadopoulos

2011

2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

Self Cite

View full text Add to dashboard Cite

Abstract-As desktops and servers become more complicated, they employ an increasing amount of automatic, non-user initiated communication. Such communication can be good (OS updates, RSS feed readers, and mail polling), bad (keyloggers, spyware, and botnet command-and-control), or ugly (adware or unauthorized peer-to-peer applications). Communication in these applications is often regular, but with very long periods, ranging from minutes to hours. This infrequent communication and the complexity of today's systems makes these applications difficult for users to detect and diagnose. In this paper we present a new approach to identify low-rate periodic network traffic and changes in such regular communication. We employ signal-processing techniques, using discrete wavelets implemented as a fully decomposed, iterated filter bank. This approach not only detects low-rate periodicities, but also identifies approximate times when traffic changed. We implement a self-surveillance application that externally identifies changes to a user's machine, such as interruption of periodic software updates, or an installation of a keylogger.

show abstract

“…We propose the parametric Modeled Attack Detector (MAD) based on time-series data and modify the method of He et al [7] to a sequential version, the Periodic Attack Detector (PAD), using spectrally-based techniques [4], [7], [8].…”

Section: Introductionmentioning

confidence: 99%

“…We refer readers to the work by He et al [7] for an exposition on spectral detection methods. The contributions of this paper are therefore to develop the new MAD detection scheme and sequentialize the scheme in [7]; these methods operate on aggregate traffic streams and we quantify their effectivness on both controlled synthetic traffic and real traces captured in the wild.…”

Section: Introductionmentioning

confidence: 99%

“…The contributions of this paper are therefore to develop the new MAD detection scheme and sequentialize the scheme in [7]; these methods operate on aggregate traffic streams and we quantify their effectivness on both controlled synthetic traffic and real traces captured in the wild. We show that MAD can detect attacks as small as 10% of total traffic in less than a second.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detection of low-rate attacks in computer networks

Thatte

Mitra

Heidemann³

2008

IEEE INFOCOM 2008 - IEEE Conference on Computer Communications Workshops

Self Cite

View full text Add to dashboard Cite

Abstract-This paper develops two parametric methods to detect low-rate denial-of-service attacks and other similar near-periodic traffic, without the need for flow separation. The first method, the periodic attack detector, is based on a previous approach that exploits the near-periodic nature of attack traffic in aggregate traffic by modeling the peak frequency in the traffic spectrum. The new method adopts simple statistical models for attack and background traffic in the time-domain. Both approaches use sequential probability ratio tests (SPRTs), allowing control over false alarm rate while examining the trade-off between detection time and attack strength. We evaluate these methods with real and synthetic traces, observing that the new Poissonbased scheme uniformly detects attacks more rapidly, often in less than 200ms, and with lower complexity than the periodic attack detector. Current entropy-based detection methods provide an equivalent time to detection but require flow-separation since they utilize source/destination IP addresses. We evaluate sensitivity to attack strength (compared to the rate of background traffic) with synthetic traces, finding that the new approach can detect attacks that represent only 10% of the total traffic bitrate in fractions of a second.

show abstract

Remote detection of bottleneck links using spectral and statistical methods

Cited by 43 publications

References 25 publications

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

Low-rate, flow-level periodicity detection

Detection of low-rate attacks in computer networks

Contact Info

Product

Resources

About