Detection of Denial-of-service Attacks

作     者：Anh Quang Tran, ZHANG Qianli , LI Xing (Tsinghua University, Beijing 100084, China) 

作者机构：Tsinghua University Beijing 100084 China 

出 版 物：《计算机工程》 (Computer Engineering)

年 卷 期：2002年第28卷第S1期

页      面：86-91页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 

基　　金：This research is supported by foundation of national plan"863"(No.001AA142080) 

主　　题：Denial-of-service attack Support vector machine Intrusion detection Receiver operating characteristic 

摘      要：Denial-of-service (DOS) is a type of computer attack, which can essentially disable computers and networks. Resource consumption type of DOS attack could not be detected by the traditional misuse detection technique. This paper presents a new method of support vector mchine (SVM) to detect these attacks. We find that a DOS attack to a host is related to the activities within an impact data set of the host. The SVM method is used to classify the subsets of an impact data set to estimate its anomalism. The experiment result shows that this method can detect resource consumption type of DOS attacks, such as SYN-flood, Smurf and UDP-storm. A receiver operating characteristic curve is plotted to determine performance for any possible operating point of the DOS attacks detection.