By Topic

A summary of detection of denial-of-QoS attacks on DiffServ networks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)

This paper summarizes our approach of detecting denial of QoS attacks on DiffServ networks. Our approach focuses on online quick detection, scalability to large networks, and a low false alarm generation rate. Sensors sample QoS metric at strategic points and we detect anomalies in sampled network flow statistics using the χ2 and EWMA Control Chart test methods. We also use rule-based intrusion detection of SLA as a complement to these techniques. We have tested our intrusion detection approach using emulation on a testbed, and using simulation. Attacks are detected 100% of the time, and require from under a minute to approximately 15 minutes to detect. The false alarm rate at the sensitivity level used to achieve these detection results is less than 1%. These results make our work a strong candidate for deployment.

Published in:

DARPA Information Survivability Conference and Exposition, 2003. Proceedings  (Volume:2 )

Date of Conference:

22-24 April 2003