Journal of Information Science and Engineering, Vol. 20 No. 6, pp. 1079-1091 (November 2004)

Abnormal Event Detection for Network Flooding Attacks

Chi-Shih Chao*, Yu-Xin Chen and An-Chi Liu
*Department of Communications Engineering
Department of Information Engineering
Feng Chia University
Taichung, 407 Taiwan

Due to the high demand for network service availability and reliability, the IDS (Intrusion Detection System) has become an essential element for IP networks. Currently, most IDSs use a pattern-matching mechanism to detect network flooding attacks. However, while running, such a mechanism takes up considerable computing time and resources of an IDS or an IDS-embedded router. This can easily cause the IDS or router to become overloaded or to crash. In this paper, an abnormal event detection mechanism based on the abrupt variation analysis of network traffic is proposed. This detection mechanism works cooperatively with the pattern-matching mechanism to perform effective attack detection in situations where overloading of an IDS or an IDS-embedded device should be avoided. In addition, a monitoring system using abnormal event detection is designed and implemented to demonstrate its detection performance. By using the developed system, network managers can not only determine the occurrence and the behavior of an attack, but also take timely actions to prevent or stop the attack on crucial network resources.

Keywords: abnormal traffic event detection, statistical reference window, network flooding attacks, event correlation, network security management

Received March 30, 2004; accepted June 30, 2004.
Communicated by Han-Chieh Chao.