TY - JOUR
T1 - Detecting application denial-of-service attacks
T2 - A group-testing-based approach
AU - Xuan, Ying
AU - Shin, Incheol
AU - Thai, My T.
AU - Znati, Taieb
N1 - Funding Information:
The work of Dr. My T. Thai is supported in part by the US National Science Foundation (NSF) grant number CNS-0847869. A preliminary version of this paper: M.T. Thai, Y. Xuan, I. Shin, and T. Znati, “On Detection of Malicious Users Using Group Testing Techniques,” is in the Proceeding of International Conference on Distributed Computing Systems (ICDCS), 2008.
PY - 2010
Y1 - 2010
N2 - Application DoS attack, which aims at disrupting application service rather than depleting the network resource, has emerged as a larger threat to network services, compared to the classic DoS attack. Owing to its high similarity to legitimate traffic and much lower launching overhead than classic DDoS attack, this new assault type cannot be efficiently detected or prevented by existing detection solutions. To identify application DoS attack, we propose a novel group testing (GT)-based approach deployed on back-end servers, which not only offers a theoretical method to obtain short detection delay and low false positive/negative rate, but also provides an underlying framework against general network attacks. More specifically, we first extend classic GT model with size constraints for practice purposes, then redistribute the client service requests to multiple virtual servers embedded within each back-end server machine, according to specific testing matrices. Based on this framework, we propose a two-mode detection mechanism using some dynamic thresholds to efficiently identify the attackers. The focus of this work lies in the detection algorithms proposed and the corresponding theoretical complexity analysis. We also provide preliminary simulation results regarding the efficiency and practicability of this new scheme. Further discussions over implementation issues and performance enhancements are also appended to show its great potentials.
KW - Application DoS
KW - group testing
KW - network security
UR - http://www.scopus.com/inward/record.url?scp=77954302312&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77954302312&partnerID=8YFLogxK
U2 - 10.1109/TPDS.2009.147
DO - 10.1109/TPDS.2009.147
M3 - Article
AN - SCOPUS:77954302312
SN - 1045-9219
VL - 21
SP - 1203
EP - 1216
JO - IEEE Transactions on Parallel and Distributed Systems
JF - IEEE Transactions on Parallel and Distributed Systems
IS - 8
M1 - 5232807
ER -