In this paper we present a simple cumulative sum algorithm for detection of leaks in open water channels. The algorithm compares the observed changes in water levels against the known in- and out-flows and raises an alarm if they are not in agreement. The algorithm is tested on data from an irrigation channel with very good results. Leaks are quickly detected and the algorithm is robust against uncertainty in the model parameters.
Distributed denial-of-service (DDoS) attacks present serious threats to servers in the Internet. Detection of DDoS attacks is a challenging task requiring novel approaches. We present an IP flow address half interaction value (AHIV) algorithm based on the address half interaction as well as the abrupt traffic change, many-to-one address dissymmetry, distributed source IP addresses, and concentrated target addresses of DDoS attack flows. Using AHIV to describe the characteristics of network flow states, we propose an AHIV-based DDoS attack detection (ADD) method to detect AHIV anomalies by transforming the AHIV time series of current network flows into a cumulative sum time series (CSTS) and associating it with the states of the CSTS in a sliding detection window. The experimental results show that AHIV reflects well the different characteristics of normal flows and DDoS attack flows; the ADD method can quickly and effectively distinguish normal flows from abnormal flows containing DDoS attack flows, and has a higher detection rate and a lower false alarm rate than related works.
ISBN: 9781424487790 (print)
Fault detectors have a main role in protection algorithms and should have reliable performance in both dependability and security approaches. In this paper, the robustness of a cumulative sum-based (cusum) fault detector against the network's transient conditions such as lightning and line energizing is investigated. The results have shown that the cusum-based fault detection unit is completely secure, i.e. it can properly discriminate faults from transients such as lightning and line energizing.
While many offline-based detection approaches have been well studied, the on-line detection of DDoS attacks at a leaf router near victims still poses quite a challenge to network administrators. Based on per-IP traffic behavioral analysis, this paper presents a real-time DDoS attack detection and prevention system which can be deployed at the leaf router to monitor and detect DDoS attacks. The advantages of this system lie in its statelessness and low computation overhead, which make the system itself immune to flooding attacks. Based on the synchronization of TCP and UDP protocol behavior, this system periodically samples every single IP user's sending and receiving traffic and judges whether its traffic behavior meets the synchronization or not. A new non-parametric cusum algorithm is applied to detect SYN flooding attacks. Moreover, this system can recognize attackers, victims and normal users, and filter or forward IP packets by means of a quick identification technique. Finally, experimental results show that the system can detect flooding attacks in real time at the early attack stage and take effective measures to quench them.