Tang et al., 2018 - Google Patents
Low-rate dos attack detection based on two-step cluster analysisTang et al., 2018
- Document ID
- 14019540840444105749
- Author
- Tang D
- Dai R
- Tang L
- Zhan S
- Man J
- Publication year
- Publication venue
- International Conference on Information and Communications Security
External Links
Snippet
The low-rate denial of service (LDoS) attacks reduce the throughput of TCP traffic by sending high rate and short duration bursts periodically to the victim. Although many LDoS attack detection methods have been proposed, LDoS attacks are still difficult to accurately …
- 238000001514 detection method 0 title abstract description 42
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/02—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data
- H04L43/026—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data using flow generation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Gao et al. | A distributed network intrusion detection system for distributed denial of service attacks in vehicular ad hoc network | |
Verma et al. | Statistical analysis of CIDDS-001 dataset for network intrusion detection systems using distance-based machine learning | |
Jeya et al. | Efficient classifier for R2L and U2R attacks | |
Xiao et al. | Towards network anomaly detection using graph embedding | |
Tang et al. | Low-rate dos attack detection based on two-step cluster analysis | |
Tang et al. | Low-rate DoS attack detection based on two-step cluster analysis and UTR analysis | |
Bajaj et al. | Dimension reduction in intrusion detection features using discriminative machine learning approach | |
Sharon et al. | An intelligent intrusion detection system using hybrid deep learning approaches in cloud environment | |
Sree et al. | HADM: detection of HTTP GET flooding attacks by using Analytical hierarchical process and Dempster–Shafer theory with MapReduce | |
Kozik et al. | Pattern extraction algorithm for NetFlow‐based botnet activities detection | |
Liu et al. | A survey on encrypted traffic identification | |
Sait et al. | Multi-level anomaly detection: Relevance of big data analytics in networks | |
Ban et al. | Detection of botnet activities through the lens of a large-scale darknet | |
Jyothsna et al. | Flow based anomaly intrusion detection system using ensemble classifier with Feature Impact Scale | |
Tang et al. | HSLF: HTTP header sequence based lsh fingerprints for application traffic classification | |
Hajimaghsoodi et al. | Rad: A statistical mechanism based on behavioral analysis for ddos attack countermeasure | |
RU148692U1 (en) | COMPUTER SECURITY EVENTS MONITORING SYSTEM | |
Zwane et al. | Ensemble learning approach for flow-based intrusion detection system | |
CN103501302B (en) | Method and system for automatically extracting worm features | |
Sharma et al. | An overview of flow-based anomaly detection | |
Min et al. | Online Internet traffic identification algorithm based on multistage classifier | |
Shraya Taruna et al. | Enhanced naive bayes algorithm for intrusion detection in data mining | |
Jing et al. | DDoS detection based on graph structure features and non‐negative matrix factorization | |
Shaikh et al. | Advanced signature-based intrusion detection system | |
Feng et al. | Toward explainable and adaptable detection and classification of distributed denial-of-service attacks |