Symmetric Measure of Network Traffic using Packet Ratio and Packet Symmetry

Flood attacks on a network occur when attackers send a very high volume of traffic to a system. This leads to an exhaustion of resources of the targeted system. Such a system or infrastructure under attack won’t be able to cope up with the services it needs to provide due to capacity overload. These...

Full description

Saved in:
Bibliographic Details
Published in:Procedia computer science 2019, Vol.165, p.112-118
Main Authors: Devi, B.S. Kiruthika, Dudeja, K., John, A.V., Marcin, K., Subbulakshmi, T.
Format: Article
Language:English
Subjects:
Denial of Service
ICMP
packet symmetry
TCP-SYN
transmission ratio
UDP
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Flood attacks on a network occur when attackers send a very high volume of traffic to a system. This leads to an exhaustion of resources of the targeted system. Such a system or infrastructure under attack won’t be able to cope up with the services it needs to provide due to capacity overload. These types of attacks are also called as Denial of Service (DoS) attacks. As it is essential for companies and organizations to provide high speed and high-quality services the network in which it operates needs to be secured against DoS attacks. As it is said prevention is better than cure, it is always better to detect an attack in the preliminary stages itself and deny an attacker any opportunity to continue the assault on the system. There are various kinds of DoS attacks, in this study the focus is on three kinds of attacks and its detection ICMP flood attack, UDP flood attack and TCP SYN flood attack. The detection mechanism employed is based on packet symmetry which can be used in to monitor the data flow in a network and detect any malicious anomalies in the network traffic at any instant. The experimental results, show that the packet symmetry is a reliable metric to detect attacks on the network by checking the data flow in the ICMP, UDP and TCP layers.
ISSN:1877-0509
1877-0509
DOI:10.1016/j.procs.2020.01.082