dc.contributor.author: Zolotukhin, Mikhail
dc.contributor.author: Kokkonen, Tero
dc.contributor.author: Hämäläinen, Timo
dc.contributor.author: Siltanen, Jarmo
dc.date.accessioned: 2017-02-02T06:44:05Z
dc.date.available: 2017-02-02T06:44:05Z
dc.date.issued: 2016
dc.identifier.citation: Zolotukhin, M., Kokkonen, T., Hämäläinen, T., & Siltanen, J. (2016). On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks. International Journal of Digital Content Technology and its Applications, 10(5), 14-33. http://www.globalcis.org/dl/stamp.asp?file=http://www.globalcis.org/jdcta/ppl/JDCTA3787PPL.pdf
dc.identifier.other: CONVID_26368695
dc.identifier.uri: https://jyx.jyu.fi/handle/123456789/52943
dc.description.abstract: Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate requests from legitimately connected network machines, which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer, making it even harder to detect an attacker's activity without decrypting users' network traffic and violating their privacy. In this paper, we present a method which allows us to timely detect various application-layer attacks against a computer network. We focus on detection of the attacks that utilize encrypted protocols by applying an anomaly-detection-based approach to statistics extracted from network packets. Since network traffic decryption can violate ethical norms and regulations on privacy, the proposed detection method analyzes network traffic without decryption. The method involves construction of a model of normal user behavior by analyzing conversations between a server and clients. The algorithm is self-adaptive and allows one to update the model every time a new portion of network traffic data is available. Once the model has been built, it can be applied to detect various types of application-layer denial-of-service attacks. The proposed technique is evaluated with realistic end user network traffic generated in our virtual network environment. Evaluation results show that these attacks can be properly detected, while the number of false alarms remains very low.
dc.language.iso: eng
dc.publisher: Advanced Institute of Convergence IT
dc.relation.ispartofseries: International Journal of Digital Content Technology and its Applications
dc.relation.uri: http://www.globalcis.org/dl/stamp.asp?file=http://www.globalcis.org/jdcta/ppl/JDCTA3787PPL.pdf
dc.subject.other: network security
dc.subject.other: intrusion detection
dc.subject.other: denial of service
dc.subject.other: anomaly detection
dc.subject.other: traffic clustering
dc.title: On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks
dc.type: research article
dc.identifier.urn: URN:NBN:fi:jyu-201701121137
dc.contributor.laitos: Tietotekniikan laitos [fi]
dc.contributor.laitos: Department of Mathematical Information Technology [en]
dc.contributor.oppiaine: Tietotekniikka [fi]
dc.contributor.oppiaine: Mathematical Information Technology [en]
dc.type.uri: http://purl.org/eprint/type/JournalArticle
dc.date.updated: 2017-01-12T13:15:04Z
dc.type.coar: http://purl.org/coar/resource_type/c_2df8fbb1
dc.description.reviewstatus: peerReviewed
dc.format.pagerange: 14-33
dc.relation.issn: 1975-9339
dc.relation.numberinseries: 5
dc.relation.volume: 10
dc.type.version: acceptedVersion
dc.rights.copyright: © the Authors & Advanced Institute of Convergence IT, 2016. This is an open access article published by Convergence Information Society.
dc.rights.accesslevel: openAccess [fi]
dc.type.publication: article
dc.type.okm: A1

