Consiglio Nazionale delle Ricerche

Product type: Article in journal
Title: A Network Traffic Representation Model for Detecting Application Layer Attacks
Year of publication: 2016
Author(s): Enrico Cambiaso, Gianluca Papaleo, Giovanni Chiola, Maurizio Aiello
Author affiliations: IEIIT-CNR, National Research Council, via De Marini 6, 16149, Genoa, Italy; Università degli Studi di Genova, via Dodecaneso, 35, 16146, Genoa, Italy
CNR authors and affiliations
  • English
Abstract: Intrusion Detection Systems (IDS) play an important role in network security, protecting systems and infrastructures from malicious attacks. With the emergence of novel threats and offensive mechanisms, IDS require updates in order to efficiently detect new menaces. In this paper we propose an anomaly-based detection model designed for particular application protocols, exploited by emerging menaces known as Slow Denial of Service (DoS) Attacks. We define parameters characterizing network traffic and we describe in detail how to extrapolate them from a network traffic capture. We motivate the need for packet inspection in certain contexts in order to retrieve correct data. We analyze and describe how the proposed model behaves on two real scenarios involving legitimate and malicious activities, respectively. Thanks to our model, a detection framework for attacks working at the application layer of the communication protocol stack is provided, allowing and facilitating the execution of detection algorithms. Indeed, through the adoption of such a framework, the design of efficient detection systems is simplified and designers' work is reduced, allowing them a faster deployment of efficient detection algorithms. The aim of this paper is to provide an effective framework for application DoS attack detection.
Abstract language: English
Other abstract: -
Other abstract language: -
Pages from: 31
Pages to: 42
Total pages: 12
Journal: International Journal of Computing and Digital Systems
Publisher: Ezendu Ariwa - London, UK
Country of publication: Bahrain
Language: English
ISSN: 2210-142X
Key title: International Journal of Computing and Digital Systems
Journal volume number: 5
Journal issue: 1
Peer reviewed: Yes, international
Publication status: Published version
Indexing (in controlled databases): -
Keywords: intrusion detection, anomaly detection, detection model, framework, lbr dos, slow dos attack
Link (URL, URI)
Parallel title: -
Acceptance date: -
Notes/Other information: -
CNR structures
  • IEIIT — Istituto di elettronica e di ingegneria dell'informazione e delle telecomunicazioni
CNR modules
  • INT.P01.004.001 : Rilevazione e controllo di anomalie mediante analisi comportamentale
European projects: -