Performance evaluation of a multi-stage network event detection scheme against DDoS attacks

Tutomu Murase, Yukinobu Fukushima, Masayoshi Kobayashi, Hiroki Fujiwara, Ryohei Fujimaki, Tokumi Yokohira

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

Change-point detection schemes, which represent one type of anomaly detection schemes, are a promising approach for detecting network anomalies, such as attacks and epidemics by unknown viruses and worms. These events are detected as change-points. However, they generally also detect false-positive change-points caused by other events, such as hardware problems. Therefore there is a requirement for a scheme that detects only true-positive change-points caused by attacks and epidemics by unknown viruses and worms. The true-positive change-points tend to occur simultaneously and intensively in very large numbers, while the false-positive change-points tend to occur independently. We can exclude false-positive change-points by excluding those that occur independently, based on information gathered from the entire network. In this paper, we combine change-point detection schemes with a distributed IDS, and evaluate performance of the combined scheme by a simulation using the parameter values obtained by an experiment using real worms. The simulation results show that the combined scheme detects all the DDoS attacks without any false-positives while we have to tolerate false-positive rate of at least 0.02 to detect all the attacks in a stand-alone IDS scheme.

Original languageEnglish
Title of host publication2008 7th Asia-Pacific Symposium on Information and Telecommunication Technologies, APSITT
Pages58-63
Number of pages6
DOIs
Publication statusPublished - Nov 28 2008
Event2008 7th Asia-Pacific Symposium on Information and Telecommunication Technologies, APSITT - Bandos Island, Maldives
Duration: Apr 22 2008Apr 24 2008

Publication series

Name2008 7th Asia-Pacific Symposium on Information and Telecommunication Technologies, APSITT

Other

Other2008 7th Asia-Pacific Symposium on Information and Telecommunication Technologies, APSITT
CountryMaldives
CityBandos Island
Period4/22/084/24/08

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Fingerprint Dive into the research topics of 'Performance evaluation of a multi-stage network event detection scheme against DDoS attacks'. Together they form a unique fingerprint.

  • Cite this

    Murase, T., Fukushima, Y., Kobayashi, M., Fujiwara, H., Fujimaki, R., & Yokohira, T. (2008). Performance evaluation of a multi-stage network event detection scheme against DDoS attacks. In 2008 7th Asia-Pacific Symposium on Information and Telecommunication Technologies, APSITT (pp. 58-63). [4653540] (2008 7th Asia-Pacific Symposium on Information and Telecommunication Technologies, APSITT). https://doi.org/10.1109/APSITT.2008.4653540