Scenario: Internet Attack

1
Scenario Internet Attack

• Eunice Huang

2
What is DDoS?

• A denial-of-service attack (DoS attack) is an
  attempt to make a computer resource unavailable
  to its intended users

• Distributed denial-of-service attack (DDoS)
  attack

3
A Hybrid Approach to Efficient Detection of
Distributed Denial-of-Service Attacks

• Change-Point Detection

4
Change-Point Detection

• observation
• pre-attack mean
• standard deviation
• design parameter

5
Change-Point Detection
6
A Hybrid Approach to Efficient Detection of
Distributed Denial-of-Service Attacks

• Change-Point Detection

• Want to minimize the tradeoff between false alarm
  rate and average delay time

• Spectral Analysis

7
Spectral Analysis
Packet trace
Time series
Fast Fourier Transform on the autocorrelation
function
Frequency Domain
Compare with expected attack frequencies
8
A Hybrid Approach to Efficient Detection of
Distributed Denial-of-Service Attacks

• Change-Point Detection
• Want to minimize the tradeoff between false alarm
  rate and average delay time
• Spectral Analysis

• Expensive and slow, but very accurate

9
A Hybrid Approach to Efficient Detection of
Distributed Denial-of-Service Attacks
Key Idea

• Combining both methods, we could use
  change-point detection to detect initial abnormal
  behavior with low detection delay but higher
  false alarm rate, then filter the false alarms by
  performing spectral analysis.

10
Demo

• Goal Create a simulation of the detection
  process
• Dataset a five-minute long artificially
  generated trace with background traffic of
  196Mbps and uniform attack with bitrate 125 Mbps
  (Provided by the USC/LANDER project)
• Coding bash scripting, Matlab

11
Demo
12
Continuing Work

• Spectral Analysis
• Run the simulation in real-time
• Find out more information on how the cyberspace
  in LA is being monitored and what systems are
  connected with the network and vulnerable to
  attacks