Abstract
A recent escalation of application layer Denial of Service (DoS) attacks on the Internet has quickly shifted the interest of the research community traditionally focused on network-based DoS attacks. A number of studies came forward showing the potency of attacks, introducing new varieties and discussing potential detection strategies. The underlying problem that triggered all this research is the stealthiness of application layer DoS attacks. Since they usually do not manifest themselves at the network level, these types of attacks commonly avoid traditional network-layer based detection mechanisms.In this work we turn our attention to this problem and present a novel detection approach for application layer DoS attacks based on nonparametric CUSUM algorithm. We explore the effectiveness of our detection on various types of these attacks in the context of modern web servers. Since in production environments detection is commonly performed on a sampled subset of network traffic, we also study the impact of sampling techniques on detection of application layer DoS attack. Our results demonstrate that the majority of sampling techniques developed specifically for intrusion detection domain introduce significant distortion in the traffic that minimizes a detection algorithm’s ability to capture the traces of these stealthy attacks.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
