Kanlayasiri et al., 2000 - Google Patents
Network-based intrusion detection model for detecting TCP SYN flooding
Kanlayasiri et al., 2000
- Document ID
- 12061608907852708465
- Author
- Kanlayasiri U
- Sanguanpong S
- Publication year
- Publication venue
- Proceedings of the 4th National Computer Science and Engineering Conference, Bangkok, Thailand
Snippet
This paper presents a method for detecting TCP SYN flooding attack using BENEF model. Our model relies on the significant parameters of anomalous network packets, the statistic of system behavior, and the decision with threshold and fuzzy rule-based technique. With fuzzy …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| EP1817888B1 (en) | Method and system for managing denial of service situations | |
| US7603709B2 (en) | Method and apparatus for predicting and preventing attacks in communications networks | |
| Dickerson et al. | Fuzzy network profiling for intrusion detection | |
| Mirkovic et al. | A taxonomy of DDoS attack and DDoS defense mechanisms | |
| Abad et al. | Log correlation for intrusion detection: A proof of concept | |
| Lippmann et al. | Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation | |
| EP1889443B1 (en) | Computer network intrusion detection system and method | |
| Kazienko et al. | Intrusion Detection Systems (IDS) Part I-(network intrusions; attack symptoms; IDS tasks; and IDS architecture) | |
| u Nisa et al. | Detection of slow port scanning attacks | |
| Kanlayasiri et al. | A rule-based approach for port scanning detection | |
| Hwang et al. | NetShield: Protocol anomaly detection with datamining against DDoS attacks | |
| Kanlayasiri et al. | Network-based intrusion detection model for detecting TCP SYN flooding | |
| Ogunleye et al. | Securing and monitoring of Bandwidth usage in multi-agents denial of service environment | |
| Jadidoleslamy | Weaknesses, Vulnerabilities and Elusion Strategies Against Intrusion Detection Systems | |
| Iheagwara et al. | Evaluation of the performance of id systems in a switched and distributed environment: the realsecure case study | |
| Sanguanpong | Network-based Intrusion Detection Model for Detecting TCP SYN flooding | |
| Raza et al. | Analyzing the Behaviour of DDOS Cyber Attacks | |
| Iguchi et al. | Detecting malicious activities through port profiling | |
| Rizvi et al. | A review on intrusion detection system | |
| Cabrera et al. | The monitoring, detection, interpretation and response paradigm for the security of battlespace networks | |
| Kanlayasiri et al. | Detecting Denial of Service using BENEF Model: An Alternative Approach | |
| Hooper | An intelligent detection and response strategy to false positives and network attacks: operation of network quarantine channels and feedback methods to IDS | |
| Bukht | Analyzing the Behaviour of DDoS Cyber Attack | |
| Hooper | Intelligent autonomic strategy to attacks in network infrastructure protection: Feedback methods to IDS, using policies, alert filters and firewall packet filters for multiple protocols | |
| De-Silva et al. | Automated detection of emerging network security threats |