The Center for Education and Research in Information Assurance and Security (CERIAS)

A Framework for Classifying Denial of Service Attacks

Author

Hussain, Alefiya; Heidemann, John; Papadopoulos, Christos

Entry type

article

Abstract

Launching a denial of service (DoS) attack is trivial, but detection and response is a painfully slow and often a manual process. Automatic classification of attacks as single- or multi-source can help focus a response, but current packet-header-based approaches are susceptible to spoofing. This paper introduces a framework for classifying DoS attacks based on header content, transient ramp-up behavior and novel techniques such as spectral analysis. Although headers are easily forged, we show that characteristics of attack ramp-up and attack spectrum are more difficult to spoof. To evaluate our framework we monitored access links of a regional ISP detecting 80 live attacks. Header analysis identified the number of attackers in 67 attacks, while the remaining 13 attacks were classified based on ramp-up and spectral analysis. We validate our results through monitoring at a second site, controlled experiments and simulation. We use experiments and simulation to understand the underlying reasons for the characteristics observed. In addition to helping understand attack dynamics, classification mechanisms such as ours are important for the development of realistic models of DoS traffic, can be packaged as an automated tool to aid in rapid response to attacks, and can also be used to estimate the level of DoS activity on the Internet.

Date

2003-08-29

Journal

SIGCOMM'03

Key alpha

Hussain

Publisher

ACM

Affiliation

USC/Information Sciences Institute

Publication Date

2003-08-29

Copyright

2003 by ACM

Language

English

Price

$5.00

Subject

Classifying Denial of Service Attacks
