TY - GEN
T1 - Abnormality metrics to detect and protect against network attacks
AU - Qu, Guangzhi
AU - Hariri, Salim
AU - Jangiti, Santosh
AU - Hussain, Suhail
AU - Oh, Seungchan
AU - Fayssal, Samer
AU - Yousif, Mazin
PY - 2004
Y1 - 2004
N2 - The Internet has been growing at an amazing rate and has become pervasive in all aspects of our lives. On the other hand, the ubiquity of networked computers and their services has significantly increased their vulnerability to virus and worm attacks. To make pervasive systems and their services reliable and secure, it is essential to develop on-line monitoring, analysis, and quantification of the operational state of such systems and services under a wide range of normal and abnormal workload scenarios. In this paper, we present several abnormality metrics that can be used to detect abnormal behaviors and to quantify the impact of attacks on pervasive system services. Our online monitoring approach is based on deploying software agents on selected routers, clients and servers to continuously monitor the measurement attributes and compute the abnormality metrics. Further, we use these metrics to quantify the impact of attacks on the individual components and on the system as a whole. This analysis identifies the most critical components in the system. We have built a test bed to experiment with and evaluate the effectiveness of these metrics in detecting several well-known network attacks, such as the MS SQL Slammer worm attack, Denial of Service attack, and email worm spam.
AB - The Internet has been growing at an amazing rate and has become pervasive in all aspects of our lives. On the other hand, the ubiquity of networked computers and their services has significantly increased their vulnerability to virus and worm attacks. To make pervasive systems and their services reliable and secure, it is essential to develop on-line monitoring, analysis, and quantification of the operational state of such systems and services under a wide range of normal and abnormal workload scenarios. In this paper, we present several abnormality metrics that can be used to detect abnormal behaviors and to quantify the impact of attacks on pervasive system services. Our online monitoring approach is based on deploying software agents on selected routers, clients and servers to continuously monitor the measurement attributes and compute the abnormality metrics. Further, we use these metrics to quantify the impact of attacks on the individual components and on the system as a whole. This analysis identifies the most critical components in the system. We have built a test bed to experiment with and evaluate the effectiveness of these metrics in detecting several well-known network attacks, such as the MS SQL Slammer worm attack, Denial of Service attack, and email worm spam.
UR - http://www.scopus.com/inward/record.url?scp=10444259711&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=10444259711&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:10444259711
SN - 0780385772
SN - 9780780385771
T3 - Proceedings - The IEEE/ACS International Conference on Pervasive Services, ICPS2004
SP - 105
EP - 111
BT - Proceedings - The IEEE/ACS International Conference on Pervasive Services, ICPS2004
T2 - Proceedings - The IEEE/ACS International Conference on Pervasive Services, ICPS2004
Y2 - 19 July 2004 through 23 July 2004
ER -