Abstract
Detecting unknown Denial-of-Service (DoS) attacks is a hard problem. What an attacker does is simply consume a large amount of the target's resources. This simple feature lets attackers create a wide variety of attack flows, so detection needs a sophisticated, general metric. A candidate metric is Kolmogorov Complexity (KC), the size of the smallest program capable of reproducing a given piece of data flow; it is a candidate because DoS attacks, known or unknown, are in any case launched by computer programs. However, no established DoS-detection method makes use of this possibility, and to make matters worse, it is well known that KC cannot be computed exactly. In this paper, we compare three different KC estimation methods, including a new proposal of our own, and propose a new DoS-detection method that monitors the fluctuation of KC differentials.
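As an added illustration, not code from the paper, the following Python sketch shows the two ingredients the abstract names: a KC estimate, here approximated by zlib compressed length (a generic compression-based upper bound; the paper compares three estimators and this example reproduces none of them), and a detector that takes the differential of the KC estimate between consecutive traffic windows and alerts when that differential deviates far from the spread observed over a baseline period. The packet-summary layout, the window sizes, the baseline length and the threshold factor `k` are all constructed for this example, as is the "benign" and "flood" traffic.

```python
import random
import zlib
from statistics import mean, pstdev

# Constructed parameters of this example (not from the paper).
BASELINE_WINDOWS = 30      # windows used to learn the normal differential spread
FLOOD_WINDOWS = 10         # windows of scripted flood appended after the baseline
ONSET = BASELINE_WINDOWS   # index of the first flood window
PKTS_PER_WINDOW = 200


def kc_estimate(data: bytes) -> int:
    """Compression-based upper bound on the Kolmogorov complexity of `data`:
    the byte length of its zlib-compressed form. Using a general-purpose
    compressor as the estimator is an assumption of this example."""
    return len(zlib.compress(data, 9))


def kc_differentials(windows):
    """KC estimate per window, and the first difference between consecutive windows."""
    kcs = [kc_estimate(w) for w in windows]
    diffs = [later - earlier for earlier, later in zip(kcs, kcs[1:])]
    return kcs, diffs


def detect_fluctuation(windows, baseline=BASELINE_WINDOWS, k=6.0):
    """Return indices of windows whose KC differential (change from the previous
    window) lies more than k standard deviations from the mean differential seen
    inside the first `baseline` windows. The +1 byte keeps the threshold non-zero
    when the baseline is perfectly stable (sigma == 0)."""
    _, diffs = kc_differentials(windows)
    base = diffs[:baseline - 1]            # all differentials within the baseline
    mu, sigma = mean(base), pstdev(base)
    threshold = k * sigma + 1
    # diffs[i - 1] is the change from window i-1 to window i
    return [i for i in range(1, len(windows)) if abs(diffs[i - 1] - mu) > threshold]


def normal_window(rng, n=PKTS_PER_WINDOW) -> bytes:
    """Constructed stand-in for benign traffic: per-packet summaries with varied
    source addresses, ephemeral ports, sizes and TCP flags (high KC)."""
    pkts = []
    for _ in range(n):
        src = bytes(rng.randrange(256) for _ in range(4))
        sport = rng.randrange(1024, 65536).to_bytes(2, "big")
        length = rng.randrange(40, 1500).to_bytes(2, "big")
        flags = rng.choice([b"S", b"A", b"PA", b"FA"])
        pkts.append(src + sport + length + flags)
    return b"".join(pkts)


def flood_window(rng, n=PKTS_PER_WINDOW) -> bytes:
    """Constructed stand-in for a scripted flood: one fixed source, a handful of
    source ports, fixed size and flags. A program emitting packets in a loop
    yields low-KC traffic, which is the regularity the metric exploits."""
    src = bytes([10, 0, 0, 7])
    pkts = []
    for _ in range(n):
        sport = (40000 + rng.randrange(8)).to_bytes(2, "big")
        pkts.append(src + sport + (40).to_bytes(2, "big") + b"S")
    return b"".join(pkts)


def run_demo(seed=1):
    """Build baseline windows followed by flood windows and run the detector."""
    rng = random.Random(seed)
    windows = [normal_window(rng) for _ in range(BASELINE_WINDOWS)]
    windows += [flood_window(rng) for _ in range(FLOOD_WINDOWS)]
    kcs, _ = kc_differentials(windows)
    return {"kcs": kcs, "alerts": detect_fluctuation(windows)}


if __name__ == "__main__":
    result = run_demo()
    print("KC estimate per window:", result["kcs"])
    print("alerts at window indices:", result["alerts"])
```

The detector is sign-agnostic on purpose: a flood of near-identical packets drives the KC estimate down, while a flood with heavily randomised spoofed fields could drive it up, and either shows as a large jump in the differential relative to the baseline spread. With `k = 6` and 29 baseline differentials, no baseline window can trigger an alert by construction, since a single sample's z-score over a population of 29 is bounded by sqrt(28).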
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Furuya, T., Matsuzaki, T., Matsuura, K. (2005). Detection of Unknown DoS Attacks by Kolmogorov-Complexity Fluctuation. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_34
DOI: https://doi.org/10.1007/11599548_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30855-3
Online ISBN: 978-3-540-32424-9
eBook Packages: Computer Science; Computer Science (R0)