Abnormality metrics to detect and protect against network attacks

Guangzhi Qu, Salim Hariri, Santosh Jangiti, Suhail Hussain, Seungchan Oh, Samer Fayssal, Mazin Yousif

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Internet has been growing at an amazing rate and it becomes pervasive in all aspects of our life. On the other hand, the ubiquity of networked computers and their services has significantly increased their vulnerability to virus and worm attacks. To make pervasive systems and their services reliable and secure it becomes highly essential to develop on-line monitoring, analysis, and quantification of the operational state of such systems and services under a wide range of normal and abnormal workload scenarios. In this paper, we prevent several abnormality metrics that can be used to detect abnormal behaviors and also can be used to quantify the impact of attacks on pervasive system services. Our online monitoring approach is based on deploying software agents on selected routers, clients and servers to continuously monitor the measurement attributes and compute the abnormality metrics. Further, we use this metrics to quantify the impact of attacks on the individual components and on the system as a whole. This analysis leads to identify the most critical components in the system. We have built a test bed to experiment and evaluate the effectiveness of these metrics to detect several well-known network attacks such as MS SQL slammer worm attack, Denial of Service attack, and email worm spam.

Original languageEnglish (US)
Title of host publicationProceedings - The IEEE/ACS International Conference on Pervasive Services, ICPS2004
Pages105-111
Number of pages7
StatePublished - 2004
EventProceedings - The IEEE/ACS International Conference on Pervasive Services, ICPS2004 - Beirut, Lebanon
Duration: Jul 19 2004Jul 23 2004

Publication series

NameProceedings - The IEEE/ACS International Conference on Pervasive Services, ICPS2004

Other

OtherProceedings - The IEEE/ACS International Conference on Pervasive Services, ICPS2004
Country/TerritoryLebanon
CityBeirut
Period7/19/047/23/04

ASJC Scopus subject areas

  • General Engineering

Fingerprint

Dive into the research topics of 'Abnormality metrics to detect and protect against network attacks'. Together they form a unique fingerprint.

Cite this