Abstract
The increasing popularity of web-based applications has led to several critical services being provided over the Internet. This has made it imperative to monitor the network traffic so as to prevent malicious attackers from depleting the network's resources and denying service to legitimate users. In our research work, we propose WADeS (Wavelet based Attack Detection Signatures), an approach to detect a Distributed Denial of Service Attack using Wavelet methods. We develop a new framework that uses LRU cache filtering to capture the high bandwidth flows followed by computation of wavelet variance on the aggregate miss traffic. The introduction of attack traffic in the network would elicit changes in the wavelet variance. This is combined with thresholding methods to enable attack detection. Sampling techniques can be used to tailor the cost of our detection mechanism. The mechanism we suggest is independent of routing information, thereby making attack detection immune to IP address spoofing. Using simulations and quantitative measures, we find that our mechanism works successfully on several kinds of attacks. We also use statistical methods to validate the results obtained.
Ramanathan, Anu (2002). WADeS: a tool for Distributed Denial of Service Attack detection. Master's thesis, Texas A&M University. Available electronically from
https : / /hdl .handle .net /1969 .1 /ETD -TAMU -2002 -THESIS -R35.