Abstract
Due to the simplicity of the concept and the availability of attack tools, launching a DoS attack is relatively easy, while defending a network resource against it is disproportionately difficult. The first step of a protection scheme against DoS must be the detection of its existence, ideally before the destructive traffic build-up. In this paper we propose a DoS detection approach which uses the maximum likelihood criterion with the random neural network (RNN). Our method is based on measuring various instantaneous and statistical variables describing the incoming network traffic, acquiring a likelihood estimation and fusing the information gathered from the individual input features using likelihood averaging and different architectures of RNNs. We present and compare seven variations of it and evaluate our experimental results obtained in a large networking testbed.
Original language | English |
---|---|
Pages (from-to) | 717-727 |
Number of pages | 11 |
Journal | Computer Journal |
Volume | 50 |
Issue number | 6 |
DOIs | |
Publication status | Published - Nov 2007 |
Externally published | Yes |
Keywords
- Denial of service
- Intrusion detection
- Maximum likelihood detection criterion
- Network security
- Random neural networks