Research On Intrusion Detection To Denial Of Service Attacks

Posted on: 2006-07-08
Degree: Master
Type: Thesis
Country: China
Candidate: S Hao
GTID: 2178360182483496
Subject: Computer Science and Technology

Abstract/Summary:
With the development of network communication and collaboration, the denial-of-service (DoS) attack has increasingly become one of the hardest and most annoying network security problems to address: a successful attack sends a large number of malicious packets to overwhelm the victim's CPU, memory, or network resources. Because DoS attacks are easy to launch but hard to detect, many researchers have been inspired to develop new defensive methods.

This paper describes in detail how DoS attacks are implemented and gives a thorough survey of current detection algorithms and systems. The anomaly detection paradigm has been widely used to detect these attacks. The advantage of anomaly detection is that previously unknown attacks can be discovered. But two problems hinder detection accuracy. One is that the attributes of DoS attacks are difficult to characterize. The other challenge for anomaly detection is threshold setting.

In this paper, we present a new framework that detects DoS attacks according to their natural characteristics. In the training phase, a parametric Gaussian mixture model is used to estimate the normal behavior of packet arrivals. This avoids an explosion of the feature space. In the detection phase, the packets are treated as passing through a queue model. The hypothetical service time is derived from the Gaussian mixture model after training. If the queue length stays short, the behavior is normal. If, on the other hand, the length exceeds a certain threshold, this implies a potential attack. When an attacker tries to inject a huge amount of traffic into the network, the deviation is soon detected by our framework.

The DARPA 1999 Data Set is used for testing. Experiments verify that our proposed approach is effective and has reasonable accuracy.
Keywords/Search Tags: Anomaly Detection, DoS Attack, Queue Model, Gaussian Mixture Model
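
The detection phase described in the abstract can be sketched as a virtual single-server queue; this is an added example, not code from the thesis. The mixture parameters, the rule that the service time is the mixture mean scaled by a `headroom` factor, the threshold of 20 and both traffic traces are assumptions constructed for illustration.

```python
# Constructed mixture over packet inter-arrival times in seconds:
# (weight, mean, std). Stands in for the output of the training phase.
GMM = [(0.7, 0.010, 0.002), (0.3, 0.050, 0.010)]

def service_time(gmm, headroom=0.8):
    """Assumed rule: mixture mean scaled below 1 so normal traffic drains."""
    return headroom * sum(w * mu for w, mu, _std in gmm)

def detect(arrivals, svc, threshold):
    """Pass arrival timestamps through a single-server virtual queue.

    Returns (timestamp of first threshold crossing or None, peak queue length).
    Queue length is the unfinished work divided by the service time.
    """
    free_at, alert, peak = 0.0, None, 0.0
    for t in arrivals:
        free_at = max(free_at, t) + svc   # enqueue this packet's work
        qlen = (free_at - t) / svc        # packets waiting or in service
        peak = max(peak, qlen)
        if alert is None and qlen > threshold:
            alert = t
    return alert, peak

def trace(gaps):
    """Turn a list of inter-arrival gaps into arrival timestamps."""
    t, out = 0.0, []
    for g in gaps:
        t += g
        out.append(t)
    return out

# Constructed traffic: gaps in the same 70/30 proportion as the mixture,
# followed (in the second trace) by 500 packets spaced 1 ms apart.
NORMAL_GAPS = ([0.010] * 7 + [0.050] * 3) * 50
FLOOD_GAPS = NORMAL_GAPS + [0.001] * 500

if __name__ == "__main__":
    svc = service_time(GMM)
    for name, gaps in (("normal", NORMAL_GAPS), ("flood", FLOOD_GAPS)):
        alert, peak = detect(trace(gaps), svc, threshold=20)
        print(f"{name}: alert_at={alert} peak_queue={peak:.1f}")
```

On the normal trace the queue peaks at about four packets and never alerts; on the flood trace the threshold is crossed roughly 20 ms after the burst begins, which shows how the choice of threshold trades detection delay against tolerance for ordinary bursts.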