TY - GEN
T1 - Detection of denial of service attacks using AGURI
AU - Kaizaki, Ryo
AU - Cho, Kenjiro
AU - Nakamura, Osamu
PY - 2002/12/1
Y1 - 2002/12/1
N2 - Denial of Service attacks are divided into two types: logic attacks and flooding attacks. A logic attack exploits a security hole in software, such as operating system and web server bugs, and causes a system crash or degraded performance. Logic attacks can be defended against by upgrading software and/or filtering particular packet sequences. Comparing the individual packets of a flooding attack with those of normal communication traffic, the only difference is the number of packets: a flooding attack creates an enormous number of packets. Therefore, the methods used against logic attacks cannot be used to protect systems from flooding attacks. In network operations, flooding attacks are usually detected using traffic monitoring tools such as MRTG. However, those tools do not detect the attack automatically. This paper describes a method for the automatic detection of flooding attacks. The monitoring tool used is AGURI, which we have developed. Using a traffic pattern aggregation method, AGURI can monitor traffic over the long term and detect flooding attacks.
AB - Denial of Service attacks are divided into two types: logic attacks and flooding attacks. A logic attack exploits a security hole in software, such as operating system and web server bugs, and causes a system crash or degraded performance. Logic attacks can be defended against by upgrading software and/or filtering particular packet sequences. Comparing the individual packets of a flooding attack with those of normal communication traffic, the only difference is the number of packets: a flooding attack creates an enormous number of packets. Therefore, the methods used against logic attacks cannot be used to protect systems from flooding attacks. In network operations, flooding attacks are usually detected using traffic monitoring tools such as MRTG. However, those tools do not detect the attack automatically. This paper describes a method for the automatic detection of flooding attacks. The monitoring tool used is AGURI, which we have developed. Using a traffic pattern aggregation method, AGURI can monitor traffic over the long term and detect flooding attacks.
UR - http://www.scopus.com/inward/record.url?scp=0141485316&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0141485316&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:0141485316
SN - 7505377027
T3 - Proceeding of the International Conference on Telecommunications
SP - 808
EP - 812
BT - Proceeding of the International Conference on Telecommunications
A2 - Yuan'an, L.
T2 - Proceedings of the International Conference on Telecommunications 2002
Y2 - 23 June 2002 through 26 June 2002
ER -