Hybrid Scaling Based Dynamic Time Warping for Detection of Low-rate TCP Attacks 


Vol. 33,  No. 7, pp. 592-600, Jul.  2008


PDF Full-Text
  Abstract

In this paper, a Hybrid Scaling based DTW (HS-DTW) mechanism is proposed for detection of periodic shrew TCP attacks. A low-rate TCP attack which is a type of shrew DoS (Denial of Service) attacks, was reported recently, but it is difficult to detect the attack using previous flooding DoS detection mechanisms. A pattern matching method with DTW (Dynamic Time Warping) as a type of defense mechanisms was shown to be reasonable method of detecting and defending against a periodic low-rate TCP attack in an input traffic link. This method, however, has the problem that a legitimate link may be misidentified as an attack link, if the threshold of the DTW value is not reasonable. In order to effectively discriminate between attack traffic and legitimate traffic, the difference between their DTW values should be large as possible. To increase the difference, we analyze a critical problem with a previous algorithm and introduce a scaling method that increases the difference between DTW values. Four kinds of scaling methods are considered and the standard deviation of the sampling data is adopted. We can select an appropriate scaling scheme according to the standard deviation of an input signal. This is why the HS-DTW increases the difference between DTW values of legitimate and attack traffic. The result is that the determination of the threshold value for discrimination is easier and the probability of mistaking legitimate traffic for an attack is dramatically reduced.

  Statistics
Cumulative Counts from November, 2022
Multiple requests among the same browser session are counted as one view. If you mouse over a chart, the values of data points will be shown.


  Cite this article

[IEEE Style]

W. So, K. Yoo, Y. Kim, "Hybrid Scaling Based Dynamic Time Warping for Detection of Low-rate TCP Attacks," The Journal of Korean Institute of Communications and Information Sciences, vol. 33, no. 7, pp. 592-600, 2008. DOI: .

[ACM Style]

Won-Ho So, Kyoung-Min Yoo, and Young-Chon Kim. 2008. Hybrid Scaling Based Dynamic Time Warping for Detection of Low-rate TCP Attacks. The Journal of Korean Institute of Communications and Information Sciences, 33, 7, (2008), 592-600. DOI: .

[KICS Style]

Won-Ho So, Kyoung-Min Yoo, Young-Chon Kim, "Hybrid Scaling Based Dynamic Time Warping for Detection of Low-rate TCP Attacks," The Journal of Korean Institute of Communications and Information Sciences, vol. 33, no. 7, pp. 592-600, 7. 2008.

Search
(IN TITLE, AUTHOR, ABSTRACT,KEYWORDS)

Advanced Search

POPULAR KEYWORDS
(TOP 10 KEYWORDS)

Recent Publications
(LAST 3 YEARS)






pISSN : 1226 - 4717
eISSN : 2287 - 3880