Detection of Denial-of-QoS Attacks Based On χ Statistic And EWMA Control Charts

Authors: Douglas S. Reeves, Xiaoyong Wu, Vinay A. Mahadik

Abstract: In this paper, we describe a method of detecting denial of Quality of Service attacks on DiffServ networks. Our approach focusses on real time and quick detection, scalability to large networks, and a negligible false alarm generation rate. Sensors sample QoS parameters like bit rate, packet dropping jitter specific Virtual Leased Line (VLL) flows at predefined strategic points in their paths. We detect anomalies in sampled network flow statistics using the EWMA Control Chart test for highly stationary measures rest adapt SRI’s χ statistic based NIDES approach. implementation shows that has 100% detection rate above its threshold level those produce statistically significant degradation. The is low less than about 15 minutes. maximum inherent both tests any monitored combined order 1 1000 valid status alerts either normal or under attack. believe given results our system, strong candidate intrusion low-cost commercial deployment.

∗ Vinay A. Mahadik pursuing Master Science Computer Networking NC State University, Raleigh. Email: vamahadi@unity.ncsu.edu

† Xiaoyong Wu with Advanced Research Group, MCNC, Triangle Park. xwu@anr.mcnc.org

‡ Douglas S. Reeves Department Science, reeves@unity.ncsu.edu
