| Because of cheaper hardware and the development of Internet businesses, smallservers and inexperienced users are increasing quickly. Therefore there are manylightweight security software appear responsible for. Although Denial of Service (DoS)attacks are clearly defined, classified and understood, preventing them still has manyproblems. Almost DoS attacks are prevented by ISP (Internet Service Provider), however,there still have many DoS attacks occur every day. They are considered as small attacksand easily passed through ISP prevention, but they may collapse a small server.As a consequence, this thesis concentrates on creating a lightweight detectionprogram to identify DoS attacks by analysis packet flows. Some common DoS attackgraphlets were collected and constructed to identify the intrusion. Based on techniques andmechanisms of Host-based IDS in combination with BLINC concept, a Network-basedIDS program is created. This program can work at Network-based or Host-based IDSposition on the network. Instead of using rules or predefined signatures as most IDS,packet flows are mapped into attack patterns. This lightweight detection program does nothave to access to packet payload, without knowledge of port number, and without additioninformation. This leads considerable CPU and memory usage will be reduced. Beside that,having GUI and high adaptive with many platforms ability allows inexperienced userseasy to use. |
PDF Full Text Request