Interface 2003

Using Statistics to Detect and Thwart Denial of Service Attacks
Carla Brodley (Purdue University)


A recent phenomenon that challenges the availability of a network or host is the upswing of Denial-of-Service Attacks (NDoS), which seek to deny (or significantly degrade) a network service to the users of that service. Because NDoS attacks take many forms, characterizing an attack is not easy. Making matters worse, not all degradations of network performance are caused by malicious individuals; many times congestion due to a traffic surge or hardware/software failure can cause symptoms similar to an NDoS attack. In this talk I will present ways in which statistics can help ameliorate the problems of NDoS. The first is to monitor the traffic for anomalous behavior and then determine whether these anomalous behaviors are due to an NDoS attack. Because signature techniques cannot detect new forms of attack, and new attacks appear frequently in the domain of network security, our focus is on anomaly detection. The second approach is designed to ensure that a signature-based Intrusion Detection System (IDS) cannot be thwarted by a bandwidth NDoS attack. Finally, I will briefly discuss how a host/network should react once it has detected an NDoS.

