Frequency characteristics of DoS and DDoS attacks (original) (raw)

2013, 2013 21st Signal Processing and Communications Applications Conference (SIU)

Özet -Hizmet Engellerne (DoS) ve Dagmlk Hizmet Engellerne Saldlnlan (DDoS) günümüz bilgisayar aglarmda slk(,:a yer almaktadlr. Sistemi yogun bir �ekilde me�gul eden atak tipi, Dagmlk Hizmet Engelleyici Saldmlar i(,:erisinde en büyük smlfI te�kil eder. Atak tespit mekanizmalan genel olarak trafigin istatistiksel bilgisine dayamr. Maalesef, DoS ve DDoS atak trafiginin istatistiksel özellikleri normal trafik özelliklerine (,:ok benzemektedir. Bu (,:ah�mada DoS ataklarmm frekans domeni karakterize edilmeye (,:ah�llml�tlr. Kurbamn noduna ula�an paket saYlsl rastlantlsal bir süre(,: olarak eIe ahmr. Gelen paketler her bir milisaniyede örneklenerek bu i�lem ger(,:ekle�tirilir. Örnekleme i�lemi ger(,:ekle�tirildikten sonra, i�lemin normalize edilmi� spektrumu bulunur. Sonu(,: olarak, DOS atak enerjilerinin ana klsml yüksek frekanslarda dagIllrken; DDoS atak enerjilerinin ana klsml dü�ük frekanslara yer ahr. Anahtar KelimeIer -DoS,. DDoS; Frekans böIgesi; IDS,. spektrum. Abstract-Denial of Service (DoS) and Distributed Denial of service (DDoS) attacks are common place in today's computer networks. There are different types of attacks among which Flood based attacks are the major ones. Attacks detection mechanisms usually rely on statistical information of the traffic. As regards of the fact that statistical properties of DoS and DDoS attacks are very similar to those in legitimate traffics, in this paper we characterize the frequency domain of denial of service attacks instead of time domain. We consider the number of packets arriving to the node of victim as a random process which is acquired by sampling the packets number every 1 milli-second.