Use of spectral analysis in defense against DoS attacks

Chen Mou Cheng, H. T. Kung, Koan Sin Tan

Research output: Conference contribution; Paper; peer-reviewed

161 citations (Scopus)

Abstract

We propose using spectral analysis to identify normal TCP traffic so that it will not be dropped or rate-limited in defense against denial of service (DoS) attacks. The approach can reduce false positives of attacker identification schemes and thus decrease the associated unnecessary slowdown or stoppage of legitimate traffic. For the spectral analysis, we use the number of packet arrivals of a flow in fixed-length time intervals as the signal. We then estimate the power spectral density of the signal, in which information of periodicity, or lack thereof, in the signal reveals itself. A normal TCP flow should exhibit strong periodicity around its round-trip time in both flow directions, whereas an attack flow usually does not. We validate the effectiveness of the approach with simulation and trace analysis. We argue that the approach complements existing DoS defense mechanisms that focus on identifying attack traffic.
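The signal and spectrum described in the abstract, as an added example that is not code from the paper or its authors: it bins packet arrivals into fixed-length intervals, estimates the power spectral density, and reports the strongest period and how far that peak stands above the mean power. The periodogram estimator, the 10 ms interval, the 100 ms round-trip time and both flows are assumptions constructed for illustration.

```python
import cmath
import random

def arrival_counts(timestamps_ms, interval_ms, duration_ms):
    """Signal from the abstract: packet arrivals per fixed-length interval."""
    counts = [0] * (duration_ms // interval_ms)
    for t in timestamps_ms:
        if 0 <= t < len(counts) * interval_ms:
            counts[t // interval_ms] += 1
    return counts

def periodogram(signal):
    """Power at DFT bins 1..N/2 of the mean-removed signal (a basic PSD estimate)."""
    n = len(signal)
    mean = sum(signal) / n
    centered = [x - mean for x in signal]
    power = []
    for k in range(1, n // 2 + 1):
        step = -2j * cmath.pi * k / n
        coeff = sum(x * cmath.exp(step * i) for i, x in enumerate(centered))
        power.append(abs(coeff) ** 2 / n)
    return power

def strongest_period(timestamps_ms, interval_ms=10, duration_ms=10_000):
    """Return (period in ms of the strongest spectral peak, peak-to-mean power ratio)."""
    counts = arrival_counts(timestamps_ms, interval_ms, duration_ms)
    power = periodogram(counts)
    peak_bin = max(range(len(power)), key=power.__getitem__)
    period_ms = len(counts) * interval_ms / (peak_bin + 1)
    return period_ms, power[peak_bin] / (sum(power) / len(power))

# Constructed flow A: window-limited sender, 8 packets spread over 35 ms every 100 ms RTT.
RTT_MS = 100
tcp_like = [r * RTT_MS + 5 * j for r in range(100) for j in range(8)]
# Constructed flow B: same packet count, arrival times drawn uniformly at random.
rng = random.Random(2002)
no_rtt_clock = sorted(rng.randrange(10_000) for _ in range(len(tcp_like)))

if __name__ == "__main__":
    for name, flow in (("tcp_like", tcp_like), ("no_rtt_clock", no_rtt_clock)):
        period, ratio = strongest_period(flow)
        print(f"{name}: strongest period {period:.1f} ms, peak/mean {ratio:.1f}")
```

Both flows carry the same number of packets over the same duration, so average rate alone cannot separate them; only the spectrum shows the peak at the round-trip time.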

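Original language: English
Pages: 2143-2148
Number of pages: 6
Publication status: Published - 2002
Externally published
Event: GLOBECOM'02 - IEEE Global Telecommunications Conference - Taipei, Taiwan
Duration: 17 11 2002 - 21 11 2002

Conference

Conference: GLOBECOM'02 - IEEE Global Telecommunications Conference
Country/Territory: Taiwan
City: Taipei
Period: 17/11/02 - 21/11/02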
