Detection of collaborative misbehaviour in distributed cyber-attacks
Copyright policy )Detection of collaborative misbehaviour in distributed cyber-attacks
Abstract In this article, we consider the detection of suspiciously high correlation between malicious Internet users that are collaborating in order to cause a Distributed Denial of Service (DDoS) attack. The main goal is to obtain a method for judging correlated misbehaviour among the requests that are issued by different users, aiming to recognize early enough any abnormal behaviour and avoid the full consequences of the DDoS attack. The identification is based on the frequencies with which users issue (simultaneous) requests and is accomplished through the analysis of the data traffic using the requests for connection across the concerned network over a period of time. The paper models normal and malicious behaviour via hidden Markov models, and analyses the performance of the proposed detection method using both mathematical reasoning and simulations. Evaluations of the proposed method on real data sets and comparisons of its performance against existing related methodologies are also provided.
- University of Cyprus Cyprus
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).5 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Top 10% influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!