TY - GEN
T1 - On detection of malicious users using group testing techniques
AU - Thai, My T.
AU - Xuan, Ying
AU - Shin, Incheol
AU - Znati, Taieb
PY - 2008
Y1 - 2008
N2 - Despite decades of research, no concrete defense solutions have been developed for most current attacks on Internet services, let alone new attack types. An essential problem to overcome is that malicious traffic can be similar to legitimate traffic. Thus a more fundamental model which should be based on the overall performance of servers/subnets without inspecting each piece of traffic must be remedied. Based on this observation, we propose a novel system framework, called Detection of Malicious Users (DMU), which attempts to solve various attack types. Motivated by DMU, we introduce a new theoretical model, called Size Constraint Group Testing (SCGT). Several algorithms based on SCGT for various networking scenarios are proposed. We also provide several fundamental results on SCGT, revealing some necessary conditions to obtain an O(1) detection time algorithm.
AB - Despite decades of research, no concrete defense solutions have been developed for most current attacks on Internet services, let alone new attack types. An essential problem to overcome is that malicious traffic can be similar to legitimate traffic. Thus a more fundamental model which should be based on the overall performance of servers/subnets without inspecting each piece of traffic must be remedied. Based on this observation, we propose a novel system framework, called Detection of Malicious Users (DMU), which attempts to solve various attack types. Motivated by DMU, we introduce a new theoretical model, called Size Constraint Group Testing (SCGT). Several algorithms based on SCGT for various networking scenarios are proposed. We also provide several fundamental results on SCGT, revealing some necessary conditions to obtain an O(1) detection time algorithm.
UR - http://www.scopus.com/inward/record.url?scp=51849166403&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51849166403&partnerID=8YFLogxK
U2 - 10.1109/ICDCS.2008.75
DO - 10.1109/ICDCS.2008.75
M3 - Conference contribution
AN - SCOPUS:51849166403
SN - 9780769531724
T3 - Proceedings - The 28th International Conference on Distributed Computing Systems, ICDCS 2008
SP - 206
EP - 213
BT - Proceedings - The 28th International Conference on Distributed Computing Systems, ICDCS 2008
T2 - 28th International Conference on Distributed Computing Systems, ICDCS 2008
Y2 - 17 July 2008 through 20 July 2008
ER -