Low-rate attacks can conceal their traffic because they are very much like normal communication. Thus, although a number of volume-based detection techniques that monitor the aggregate or per link traffic load of a network are able to identify anomalies that trigger significant traffic volume changes, they are not applicable to low-rate attacks. Because of this, the problem of low-rate attacks has been attracting many researchers in the community of network security. In this study, we propose for the first time a method based on the normal traffic mode for detecting outbreaks of low-rate attacks. Some behavior-based approaches have been proposed for anomaly detections. They, however, are not able to be used for low-rate attacks. The experimental result indicates our proposal is efficient.
|Translated title of the contribution||A Behavior-based Detection Method for Outbreaks of Low-rate Attacks|
|Number of pages||6|
|Journal||IEICE technical report|
|Publication status||Published - Mar 9 2012|