Research Article
Early DoS Attack Detection using Smoothened Time-Series andWavelet Analysis
@INPROCEEDINGS{10.1109/IAS.2007.16, author={Pravin Shinde and Srinivas Guntupalli}, title={Early DoS Attack Detection using Smoothened Time-Series andWavelet Analysis}, proceedings={3rd International ICST Symposium on Information Assurance and Security}, publisher={IEEE}, proceedings_a={IAS}, year={2007}, month={9}, keywords={Computer crime Computer networks Computer security Floods Information security Protocols Telecommunication traffic Time series analysis Traffic control Wavelet analysis}, doi={10.1109/IAS.2007.16} }- Pravin Shinde
Srinivas Guntupalli
Year: 2007
Early DoS Attack Detection using Smoothened Time-Series andWavelet Analysis
IAS
IEEE
DOI: 10.1109/IAS.2007.16
Abstract
Denial of Service (DoS) attacks are ubiquitous to computer networks. Flood based attacks are a common class of DoS attacks. DoS detection mechanisms that aim at detecting floods mainly look for sudden changes in the traffic and mark them anomalous. In this paper, we propose a method that considers the traffic in a network as a time-series and smoothens it using exponential moving average and analyzes the smoothened wave using energy distribution based on wavelet analysis. The parameters we used to represent the traffic are number of bytes received per unit time and the proportion between incoming and outgoing bytes. By analyzing the energy distribution in the wavelet form of a smoothened time-series, growth in the traffic, which is the result of a DoS attack can be detected very early. As the parameters we considered represent different properties of the network, the accuracy of the detection will be very high and with less false positives.