

Denial of Service (DoS) attacks do not attempt to break into computer systems; they aim to disrupt normal system operation by overloading network and/or system resources. Their complexity and magnitude are rapidly increasing, and their distributed version (DDoS attacks) is becoming a nuisance to modern IT infrastructure and a very challenging detection problem. Various detection solutions have been proposed, and many intrusion detection tools attempt to identify DDoS attacks mostly through anomaly detection, i.e. identification of deviations from normal operation patterns. We present an anomaly detection solution that relies on network flow data exported from Cisco NetFlow-enabled devices. The proposed detection algorithm monitors flow data from all interfaces of border routing equipment and calculates specific metrics that are compared against adaptive thresholds that characterize the “normal” network utilization.
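An added sketch of the kind of per-interface adaptive-threshold check the abstract describes; it is not the authors' algorithm. The metric (flows per interval), the EWMA baseline with a mean + k * stddev threshold, and the sample flow records are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

class AdaptiveThreshold:
    """EWMA baseline for one metric; threshold = mean + k * stddev (assumed scheme)."""
    def __init__(self, alpha=0.2, k=3.0, warmup=5):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self.mean, self.var, self.n = 0.0, 0.0, 0

    def threshold(self):
        return self.mean + self.k * math.sqrt(self.var)

    def observe(self, value):
        """Return True if value exceeds the threshold; otherwise fold it into the baseline."""
        if self.n >= self.warmup and value > self.threshold():
            return True  # anomalous intervals must not drag the baseline upwards
        if self.n == 0:
            self.mean = float(value)
        else:
            diff = value - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.n += 1
        return False

def detect(flows):
    """flows: (interval, if_index, src, dst) records. Returns [(interval, if_index, flow_count)]."""
    counts = defaultdict(int)
    for interval, if_index, _src, _dst in flows:
        counts[(interval, if_index)] += 1  # metric: flows seen per interface per interval
    baselines = defaultdict(AdaptiveThreshold)  # one adaptive threshold per interface
    alerts = []
    for interval, if_index in sorted(counts):
        value = counts[(interval, if_index)]
        if baselines[if_index].observe(value):
            alerts.append((interval, if_index, value))
    return alerts

def sample_flows():
    """Constructed records: steady load on interfaces 1 and 2, a flow surge on 2 in interval 8."""
    flows = []
    for t in range(10):
        for if_index, base in ((1, 20), (2, 30)):
            n = 400 if (if_index == 2 and t == 8) else base + (t % 3)
            flows += [(t, if_index, f"198.51.100.{i % 250}", "192.0.2.10") for i in range(n)]
    return flows

if __name__ == "__main__":
    print(detect(sample_flows()))
```

Because flagged intervals are not folded into the baseline, the threshold for interface 2 is unchanged when normal traffic resumes in interval 9.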



This presentation is part of the session "Recent Results III", which starts on Tuesday, June 8 @ 14:00


Last modified on the 15th of June 2004 - 12:35