Publications

Distinguishing between single and multi-source attacks using signal processing

Abstract

Launching a denial of service (DoS) attack is trivial, but detection and response is a painfully slow and often a manual process. Automatic classification of attacks as single- or multi-source can help focus a response, but current packet-header-based approaches are susceptible to spoofing. This paper introduces a framework for classifying DoS attacks based on header content, transient ramp-up behavior, and novel techniques such as spectral analysis. Although headers are easily forged, we show that characteristics of attack ramp-up and attack spectrum are more difficult to spoof. To evaluate our framework we monitored access links of a regional ISP detecting 80 live attacks. Header analysis identified the number of attackers in 67 attacks, while the remaining 13 attacks were classified based on ramp-up and spectral analysis. We validate our results through monitoring at a second site, controlled experiments, and …

Metadata

publication: Computer Networks 46 (4), 479-503, 2004
year: 2004
publication date: 2004/11/15
authors: Alefiya Hussain, John Heidemann, Christos Papadopoulos
link: https://www.sciencedirect.com/science/article/pii/S1389128604001343
resource_link: https://www.academia.edu/download/85086919/Hussain04b.pdf
journal: Computer Networks
volume: 46
issue: 4
pages: 479-503
publisher: Elsevier