Co-sponsored by: carrollca@yahoo.com

Information theoretic and statistical methods to detect the Low and Slow Rate of Denial of Service Attacks

In this presentation we focus on the detection of Shrew attack or the New Shrew attack belonging to a category of attacks a.k.a. “low and slow attacks” or “low rate DDoS attacks” We considered a spectral approach by converting a time series from time domain to spectral domain.
In the first part of this presentation we will focus on the periodicity detection in a single time series in order to reveal the presence of Shrew attacks. We can detect in an “aggregate flow” that periodicity which characterizes the presence of Shrew (New Shrew attack).
We will make correlations with the methods presented in the technical literature which are used to identify unknown or hidden periodicity in a time series such as: 1) Periodogram or autocorrelation based methods which transform the time series from time domain to spectral domain. 2) Epoch folding methods which sort the time series’ values into bins according to their phase and use some test statistics for finding the optimal period length.3) Lately, some approaches have been proposed to search for repeating patterns. 4) Attempts were made to search for local minima of the mean fluctuation function.
In the second part of this presentation we will use notions, definitions, and tools from a) Information theory (entropy, relative entropy, i.e., which are probability based) and b) Statistics (relative entropy function, relative frequency, large deviation theory, Sanov theorem, etc.).

Speaker(s): Dr. Paul Cotae, , Dr. Paul Cotae,

Location:
Bldg: Ruby Tuesday
8811 Greenbelt Road
Intersection of Greenbelt Road and Cipriano Road
Greenbelt , Maryland
20770