Faculty of ICT, Mahidol University
 


 

LIGHTWEIGHT DETECTION OF DOS ATTACKS

 

TITLE: LIGHTWEIGHT DETECTION OF DOS ATTACKS
AUTHOR: SIRIKARN PUKKAWANNA
DEGREE: MASTER OF SCIENCE PROGRAMME IN COMPUTER SCIENCE
FACULTY: FACULTY OF SCIENCE
ADVISOR: VASAKA VISOOTTIVISETH
CO-ADVISOR: SUDSANGUAN NGAMSURIYAROJ; PANITA PONGPAIBOOL
 
ABSTRACT
Denial of Service (DoS) attacks have continued to evolve, and they impact the availability of Internet infrastructure. Many researchers in network security and system survivability have been developing mechanisms to detect DoS attacks, aiming to maximize accurate detections (true positives) and minimize unjustified detections (false positives). This research proposes a lightweight method to identify DoS attacks by analyzing host behavior. Our method is based on the concept of BLINd Classification, or BLINC: no access to packet payload, no knowledge of port numbers, and no additional information other than what current flow collectors provide. Rather than using pre-defined signatures or rules as in typical Intrusion Detection Systems, BLINC maps packets into graphlets of each attack pattern. In this work we create six types of graphlets for the following DoS attack patterns: TCP SYN flood, UDP flood, ICMP flood, Smurf, port scan, and host scan. The results show that our method can identify all occurrences and all hosts associated with attack activities.
KEYWORD: NETWORK SECURITY / INTRUSION DETECTION / DENIAL OF SERVICE / TRAFFIC CLASSIFICATION

 
