Timing considerations in detecting resource starvation attacks using statistical profiles Online publication date: Sat, 26-Jan-2008
by Colin Pattinson, Kemal Hajdarevic
International Journal of Electronic Security and Digital Forensics (IJESDF), Vol. 1, No. 2, 2007
Abstract: Resource starvation Denial of Service (DoS) attacks cause the attacked services to be denied to legitimate users. This paper introduces an approach to proactively detect such a DoS attack in its early development stages and therefore avoid damage. Our approach uses the set of data in the Management Information Base (MIB) retrieved by the Simple Network Management Protocol (SNMP). MIB traffic data (such as origin/destination; TCP connection state) and process table content (memory/CPU utilisation by specific processes) are used to construct performance profiles over long and short time scales. We define appropriate indicators and identifiable steps (check points) where resource starvation DoS attacks are recognised and stopped before they affect a system. By detecting in the early development stages, it is possible to avoid service interruption, system availability problems and other related effects, such as system and bandwidth performance degradation caused by legitimate operations.
Online publication date: Sat, 26-Jan-2008
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Electronic Security and Digital Forensics (IJESDF):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email firstname.lastname@example.org