Detection of stealthy TCP-based DoS attacks

Azeem Aqil, Ahmed O.F. Atya, Trent Jaeger, Srikanth V. Krishnamurthy, Karl Levitt, Patrick D. McDaniel, Jeff Rowe, Ananthram Swami

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations

Abstract

Denial of service (DoS) attacks are among the most crippling of network attacks because they are easy to orchestrate and usually cause an immediate shutdown of whatever resource is targeted. Today's intrusion detection systems check if specific single scalar features exceed a threshold to determine if a specific TCP-based DoS attack is underway. To defeat such systems we demonstrate that an attacker can simply launch a combination of attack threads, each of which on its own does not break a system down but together can be very potent. We demonstrate that such attacks cannot be detected by simple threshold based statistical anomaly detection techniques that are used in today's intrusion detection systems. We argue that an effective way to detect such attacks is by jointly considering multiple features that are affected by such attacks. Based on this, we identify a possible set of such features and design a new detection approach that jointly examines these features with regards to whether each exceeds a high threshold or is below a low threshold. We demonstrate that this approach is extremely effective in detecting stealthy DoS attacks; the true positive rate is close to 100 % and the false positive rate is decreased by about 66 % as compared to traditional detectors.

Original languageEnglish (US)
Title of host publication2015 IEEE Military Communications Conference, MILCOM 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages348-353
Number of pages6
ISBN (Electronic)9781509000739
DOIs
StatePublished - Dec 14 2015
Event34th Annual IEEE Military Communications Conference, MILCOM 2015 - Tampa, United States
Duration: Oct 26 2015Oct 28 2015

Publication series

NameProceedings - IEEE Military Communications Conference MILCOM
Volume2015-December

Other

Other34th Annual IEEE Military Communications Conference, MILCOM 2015
Country/TerritoryUnited States
CityTampa
Period10/26/1510/28/15

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Detection of stealthy TCP-based DoS attacks'. Together they form a unique fingerprint.

Cite this