Abstract
New intrusions are attempted continuously because of vulnerabilities in TCP/IP on computer networks. Many studies have investigated signature-based and anomaly-based methods for detecting attacks that exploit network vulnerabilities. However, detecting intrusions in an enormous volume of network data is very difficult and requires a heavy workload. In this paper, for effective detection, we studied combinations of network measures taken from the data packets generated by various DoS attacks that exploit TCP/IP vulnerabilities. As a result, we were able to find the causality of network measures for network-based DoS attacks and to use it to detect similar attacks as well as existing ones. Furthermore, detection using possible combinations of the selected measures has a high accuracy rate, and the causality of network measures can also be used to generate real-time detection patterns.
This research was supported by the University IT Research Center Project.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheong, IA., Kim, YM., Kim, MS., Noh, BN. (2004). The Causality Analysis of Protocol Measures for Detection of Attacks Based on Network. In: Kahng, HK., Goto, S. (eds) Information Networking. Networking Technologies for Broadband and Mobile Networks. ICOIN 2004. Lecture Notes in Computer Science, vol 3090. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25978-7_97
DOI: https://doi.org/10.1007/978-3-540-25978-7_97
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23034-2
Online ISBN: 978-3-540-25978-7
eBook Packages: Springer Book Archive