8 research outputs found
A denial of service detector based on maximum likelihood detection and the random neural network
In spite of extensive research in defence against Denial of Service (DoS), such attacks remain a predominant threat in today’s networks. Due to the simplicity of the concept and the availability of the relevant attack tools, launching a DoS attack is relatively easy, while defending a network resource against it is disproportionately difficult. The first step of any comprehensive protection scheme against DoS is the detection of its existence, ideally long before the destructive traffic build-up. In this paper we propose a generic approach for DoS detection which uses multiple Bayesian classifiers and random neural networks (RNN). Our method is based on measuring various instantaneous and statistical variables describing the incoming network traffic, acquiring a likelihood estimation and fusing the information gathered from the individual input features using likelihood averaging and different architectures of RNNs. We present and compare seven different implementations of it and evaluate our experimental results obtained in a large networking testbed
Profiling cyber attackers using case-based reasoning
Computer security would arguably benefit from more information on the characteristics of the particular human attacker behind a security incident. Nevertheless, technical security mechanisms have always focused on the attack's characteristics rather than the attacker's. The latter is a challenging problem, as relevant data cannot easily be found. We argue that the cyber traces left by a human attacker during an intrusion attempt can help towards building a profile of the particular person. To illustrate this concept, we have developed an approach using case-based reasoning that indirectly measures an attacker’s characteristics for given attack scenarios. Our results reveal that case-based reasoning has the potential of being used to assist security and forensic investigators in profiling human attackers
DoS and DDoS Attacks: Defense, Detection and Traceback Mechanisms - A Survey
Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks are typically explicit attempts to exhaust a victim's bandwidth or disrupt legitimate users' access to services. The traditional architecture of the Internet is vulnerable to DDoS attacks, and it provides an opportunity for an attacker to gain access to a large number of compromised computers by exploiting their vulnerabilities to set up attack networks or botnets. Once an attack network or botnet has been set up, an attacker invokes a large-scale, coordinated attack against one or more targets. As a result of the continuous evolution of new attacks and the ever-increasing range of vulnerable hosts on the Internet, many DDoS attack detection, prevention and traceback mechanisms have been proposed. In this paper, we survey different types of attacks and techniques of DDoS attacks and their countermeasures. The significance of this paper is its coverage of many aspects of countering DDoS attacks, including detection, defence and mitigation, traceback approaches, open issues and research challenges
Surveying port scans and their detection methodologies
Scanning of ports on a computer occurs frequently on the Internet. An attacker performs port scans of IP addresses to find vulnerable hosts to compromise. However, it is also useful for system administrators and other network defenders to detect port scans as possible preliminaries to more serious attacks. It is a very difficult task to recognize instances of malicious port scanning. In general, a port scan may be an instance of a scan by attackers or an instance of a scan by network defenders. In this survey, we present research and development trends in this area. Our presentation includes a discussion of common port scan attacks. We provide a comparison of port scan methods based on type, mode of detection, mechanism used for detection, and other characteristics. This survey also reports on the available datasets and evaluation criteria for port scan detection approaches