By Topic

HIDDEN: Hausdorff Distance Based Intrusion Detection Approach DEdicated to Networks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Labit, Y. ; LAAS-CNRS, Univ. de Toulouse, Toulouse ; Mazel, J.

DoS attacks represent a big threat for the Internet. While most of attack detection techniques are based on passive monitoring of traffic, we propose a detection method, HIDDEN, based on active measurements, the objective being to make possible the real-time detection and classification of DoS attacks, without intrusive probing. The originality of our contribution relies on the use of the entropy function computed from probabilities of time series of measured ICMP request/echo delays. However, the evaluation of the method exhibits a dramatic number of false positives. It has then been enriched by the use of the Hausdorff distance on probabilities of time series, which significantly decreases the number of false positives. In addition, a method for discriminating ICMP attacks from others (TCP/UDP attacks) using icmp_seq has been added. Experiments for evaluating the effectiveness of the approach have been run on the French operational RENATER network, on which artificial attacks have been generated using TFN2K [14]. Results exhibit that TCP, UDP and ICMP DoS attacks have been accurately detected in less than 1 second.

Published in:

Internet Monitoring and Protection, 2008. ICIMP '08. The Third International Conference on

Date of Conference:

June 29 2008-July 5 2008