5 research outputs found
DDoS Attacks with Randomized Traffic Innovation: Botnet Identification Challenges and Strategies
Distributed Denial-of-Service (DDoS) attacks are usually launched through the
, an "army" of compromised nodes hidden in the network. Inferential
tools for DDoS mitigation should accordingly enable an early and reliable
discrimination of the normal users from the compromised ones. Unfortunately,
the recent emergence of attacks performed at the application layer has
multiplied the number of possibilities that a botnet can exploit to conceal its
malicious activities. New challenges arise, which cannot be addressed by simply
borrowing the tools that have been successfully applied so far to earlier DDoS
paradigms. In this work, we offer basically three contributions: we
introduce an abstract model for the aforementioned class of attacks, where the
botnet emulates normal traffic by continually learning admissible patterns from
the environment; we devise an inference algorithm that is shown to
provide a consistent (i.e., converging to the true solution as time progresses)
estimate of the botnet possibly hidden in the network; and we verify the
validity of the proposed inferential strategy over network traces.Comment: Submitted for publicatio
Network anomaly detection research: a survey
Data analysis to identifying attacks/anomalies is a crucial task in anomaly detection and network anomaly detection itself is an important issue in network security. Researchers have developed methods and algorithms for the improvement of the anomaly detection system. At the same time, survey papers on anomaly detection researches are available. Nevertheless, this paper attempts to analyze futher and to provide alternative taxonomy on anomaly detection researches focusing on methods, types of anomalies, data repositories, outlier identity and the most used data type. In addition, this paper summarizes information on application network categories of the existing studies