- Αρχική Σελίδα
- →
- Κεντρική Βιβλιοθήκη Ε.Μ.Π.
- →
- Ιδρυματικό Αποθετήριο
- →
- Δημοσιεύσεις μελών Δ.Ε.Π. σε συνέδρια
- →
- Εμφάνιση Τεκμηρίου
HEAL DSpace
Detecting incoming and outgoing DDoS attacks at the edge using a single set of network characteristics
Αποθετήριο DSpace/Manakin
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Siaterlis, C | en |
| dc.contributor.author | Maglaris, V | en |
| dc.date.accessioned | 2014-03-01T02:43:12Z | |
| dc.date.available | 2014-03-01T02:43:12Z | |
| dc.date.issued | 2005 | en |
| dc.identifier.issn | 15301346 | en |
| dc.identifier.uri | https://dspace.lib.ntua.gr/xmlui/handle/123456789/31295 | |
| dc.subject | Artificial Neural Network | en |
| dc.subject | ddos attack | en |
| dc.subject | Distributed Denial of Service | en |
| dc.subject | Passive Measurement | en |
| dc.subject.other | Edge networks | en |
| dc.subject.other | Multi-layer perceptrons (MLP) | en |
| dc.subject.other | Service attacks | en |
| dc.subject.other | Congestion control (communication) | en |
| dc.subject.other | Distributed computer systems | en |
| dc.subject.other | Neural networks | en |
| dc.subject.other | Security of data | en |
| dc.subject.other | Telecommunication links | en |
| dc.subject.other | Telecommunication services | en |
| dc.subject.other | Computer crime | en |
| dc.title | Detecting incoming and outgoing DDoS attacks at the edge using a single set of network characteristics | en |
| heal.type | conferenceItem | en |
| heal.identifier.primary | 10.1109/ISCC.2005.50 | en |
| heal.identifier.secondary | http://dx.doi.org/10.1109/ISCC.2005.50 | en |
| heal.publicationDate | 2005 | en |
| heal.abstract | Detection of Distributed Denial of Service attacks should ideally take place near their sources, at edge networks, where countermeasures are most effective. DDoS detection by monitoring an over-provisioned backbone link either near the source or the victim is challenging because congestion isn 't the identifying anomaly signature. Most research efforts try to identify a single detection metric that can reliably detect DDoS attacks. On the contrary, we use multiple metrics to successfully detect flooding attacks at the edge and classify them as incoming or outgoing attacks with an Artificial Neural Network (ANN). We explore the DDoS detection ability of Multi-Layer Perceptrons (MLP) as classifiers we can teach by example. The inputs of the MLP are metrics coming from different types of passive measurements that are available today to network administrators. We use these metrics to feed our MLP, train it and evaluate its performance in terms of 'false positive' and 'true positive ' rates in the face of new data. Our analysis is based on data from several experiments that were conducted with the use of common DDoS tools in the production network of a university network. We show that the MLP is capable of classifying the state of the monitored edge network as ""DDoS source"", ""DDoS victim"" or ""normal"". This way an edge network can use a single mechanism to protect itself from incoming DDoS attacks and at the same time protect the rest of the network from outgoing attacks. © 2005 IEEE. | en |
| heal.journalName | Proceedings - IEEE Symposium on Computers and Communications | en |
| dc.identifier.doi | 10.1109/ISCC.2005.50 | en |
| dc.identifier.spage | 469 | en |
| dc.identifier.epage | 475 | en |
Αρχεία σε αυτό το τεκμήριο
| Αρχεία | Μέγεθος | Μορφότυπο | Προβολή |
|---|---|---|---|
|
Δεν υπάρχουν αρχεία που σχετίζονται με αυτό το τεκμήριο. |
|||
