Identifier
etd-07022009-001507
Degree
Master of Science in Electrical Engineering (MSEE)
Department
Electrical and Computer Engineering
Document Type
Thesis
Abstract
As the first step in defending against DoS attacks, network-based Intrusion Detection Systems (IDS) are well explored and widely used in both commercial tools and research work. Such an IDS framework is built upon features extracted from network traffic, which are application-level features, and is effective in detecting flooding-based DoS attacks. However, in a sophisticated DoS attack, where an attacker manages to bypass the network-based monitors and launch a DoS attack locally, sniffer-based methods have difficulty differentiating attacks from normal behavior, since the malicious connection itself behaves in the same manner as normal connections. In this work, we study a host-based IDS framework that integrates features from the architectural and operating system (OS) levels to improve the performance of sophisticated DoS intrusion detection. Network traffic collected from a campus network and real-world exploits are used to provide a realistic evaluation.
Date
2009
Document Availability at the Time of Submission
Release the entire work immediately for access worldwide.
Recommended Citation
Tao, Ran, "Sophisticated denial-of-service attack detections through integrated architectural, OS, and application level events monitoring" (2009). LSU Master's Theses. 979.
https://repository.lsu.edu/gradschool_theses/979
Committee Chair
Lu Peng
DOI
10.31390/gradschool_theses.979