
Detection of Unknown DoS Attacks by Kolmogorov-Complexity Fluctuation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3822)

Abstract

Detecting unknown Denial-of-Service (DoS) attacks is a hard problem. All an attacker has to do is consume a large amount of the target's resources, and this simple goal allows a wide variety of attack flows, so detection needs a sophisticated, general metric. One candidate is Kolmogorov Complexity (KC), the size of the smallest program that can reproduce a given piece of data; it is a natural fit because DoS attacks, known or unknown, are in any case launched by computer programs. However, no established DoS-detection method makes use of this possibility, and to make matters worse it is well known that KC cannot be computed exactly. In this paper, we compare three different KC estimation methods, including a new proposal of our own, and propose a new DoS-detection method that monitors the fluctuation of KC differentials.
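The following is an added illustration, not code from the paper: the abstract does not name its three KC estimators, so this sketch assumes the common compression-based proxy (zlib-compressed size of a traffic window), takes first differences of the per-window estimates, and flags windows whose differential departs sharply from a learned baseline. The traffic windows are constructed inline; a program-generated flood is modelled as one packet repeated, so its raw volume matches normal traffic while its KC estimate collapses.

```python
import zlib
from statistics import mean, pstdev

def kc_estimate(window: bytes) -> int:
    """Compression-based proxy for Kolmogorov complexity: size of the
    zlib-compressed window. Assumption: stands in for the estimators the
    paper compares, which the abstract does not name."""
    return len(zlib.compress(window, 9))

def differentials(kcs):
    """First differences of consecutive per-window KC estimates."""
    return [b - a for a, b in zip(kcs, kcs[1:])]

def detect(windows, baseline=19, k=6.0):
    """Return 0-based indices of windows whose KC differential (relative to
    the previous window) deviates from the baseline mean by > k std devs."""
    diffs = differentials([kc_estimate(w) for w in windows])
    base = diffs[:baseline]          # first differentials are trusted as normal
    mu, sigma = mean(base), pstdev(base) or 1.0
    return [i + 1 for i, d in enumerate(diffs) if abs(d - mu) > k * sigma]

class _Lcg:
    """Tiny deterministic generator so the constructed sample is reproducible."""
    def __init__(self, seed): self.s = seed
    def byte(self):
        self.s = (self.s * 1103515245 + 12345) & 0x7FFFFFFF
        return (self.s >> 16) & 0xFF

def normal_window(gen, packets=64):
    """Constructed legitimate traffic: varied packet sizes and contents."""
    out = bytearray()
    for _ in range(packets):
        out += bytes(gen.byte() for _ in range(40 + gen.byte() % 200))
    return bytes(out)

def flood_window(packets=64):
    """Constructed program-generated flood: one 140-byte packet repeated, so
    raw volume (8960 bytes) matches a normal window but KC collapses."""
    return (b"\x45\x00\x00\x8c" + b"\xab" * 136) * packets

def detect_sample():
    """20 normal windows, then 4 flood windows, then 6 normal windows."""
    gen = _Lcg(2005)
    windows = ([normal_window(gen) for _ in range(20)]
               + [flood_window() for _ in range(4)]
               + [normal_window(gen) for _ in range(6)])
    return detect(windows)   # flags the onset (20) and the end (24) of the flood
```

Only the transitions are flagged; the steady flood windows in between have a near-zero differential, which is why the paper's framing is fluctuation of KC differentials rather than the KC level itself.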



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Furuya, T., Matsuzaki, T., Matsuura, K. (2005). Detection of Unknown DoS Attacks by Kolmogorov-Complexity Fluctuation. In: Feng, D., Lin, D., Yung, M. (eds) Information Security and Cryptology. CISC 2005. Lecture Notes in Computer Science, vol 3822. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599548_34


  • DOI: https://doi.org/10.1007/11599548_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30855-3

  • Online ISBN: 978-3-540-32424-9
