Skip to Main Content
Denial of Service (DoS) attacks are ubiquitous to computer networks. Flood based attacks are a common class of DoS attacks. DoS detection mechanisms that aim at detecting floods mainly look for sudden changes in the traffic and mark them anomalous. In this paper, we propose a method that considers the traffic in a network as a time-series and smoothens it using exponential moving average and analyzes the smoothened wave using energy distribution based on wavelet analysis. The parameters we used to represent the traffic are number of bytes received per unit time and the proportion between incoming and outgoing bytes. By analyzing the energy distribution in the wavelet form of a smoothened time-series, growth in the traffic, which is the result of a DoS attack can be detected very early. As the parameters we considered represent different properties of the network, the accuracy of the detection will be very high and with less false positives.
Date of Conference: 29-31 Aug. 2007