Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: Security Track at ACM Symposium on Applied Computing 2004
Guest editors: Giampaolo Bella and Peter Ryan
Article type: Research Article
Authors: Siaterlis, Christosa | Maglaris, Vasilisb
Affiliations: [a] Network Management and Optimal Design Lab, National Technical University of Athens, Greece. E-mail: csiat@netmode.ntua.gr | [b] Network Management and Optimal Design Lab, National Technical University of Athens, Greece. E-mail: maglaris@netmode.ntua.gr
Abstract: This work introduces the use of data fusion in the field of DDoS anomaly detection. We present Dempster-Shafer Theory of Evidence (D-S), the mathematical foundation for the development of a novel DDoS detection engine. Based on a data fusion paradigm, we combine evidence generated from multiple simple metrics to feed our D-S inference engine and detect attacks on a single network element (high bandwidth link). The main advantages of our approach are the modeling power of the Theory of Evidence in expressing beliefs in some hypotheses, its flexibility to handle uncertainty and ignorance and its ability to provide quantitative measurement of the belief and plausibility in our detection results. Furthermore we propose a system that can be trained (supervised learning) with minimum human effort, using in parallel expert knowledge about each metric detection ability. We evaluate our detection engine prototype through an extensive set of experiments on an operational network using real network traffic, with the use of a popular DDoS attack generator. Based on these results we discuss the performance of our D-S scheme in contrast to simple thresholds on single metrics, as well as against an alternative data fusion technique based on an Artificial Neural Network. We conclude that our data fusion is a promising approach that significantly increases the DDoS detection rate (true positives) while keeping the false positive alarm rate low.
Keywords: Denial of Service attacks, anomaly detection, data fusion, security
DOI: 10.3233/JCS-2005-13505
Journal: Journal of Computer Security, vol. 13, no. 5, pp. 779-806, 2005
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl