{"title":"Network Forensics in MANET: Traffic Analysis of Source Spoofed DoS Attacks","authors":"Yinghua Guo, Matthew Simon","doi":"10.1109/NSS.2010.45","DOIUrl":null,"url":null,"abstract":"The process of analyzing available network forensics evidence to determine their meaning and significance can be very involved. It is often necessary to develop a timeline of significant events to obtain an overview of what occurred, to create relational diagrams showing which users are connected to which systems, or to correlate and analyze data to find noteworthy patterns of network traffic. However, there is a lack of statistical analysis of network traffic for security incident determination, especially the Denial of Service (DoS) attack in mobile ad hoc network (MANET). In this work, we focus on the \"analysis\" part of network forensic investigation. Specifically, we study one type of DoS attack, called distributed DoS (DDoS) flooding attack in MANET. We present a quantitative model to characterizes this attack and its traffic statistics. We also propose an analytical model for looking for specific patterns of the attack traffic, aiming to achieve: (1) Determine if there is an anomaly in the traffic and whether the anomaly is the DDoS attack (2) Determine the time when the attack is launched.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Fourth International Conference on Network and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NSS.2010.45","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 21
Abstract
The process of analyzing available network forensics evidence to determine their meaning and significance can be very involved. It is often necessary to develop a timeline of significant events to obtain an overview of what occurred, to create relational diagrams showing which users are connected to which systems, or to correlate and analyze data to find noteworthy patterns of network traffic. However, there is a lack of statistical analysis of network traffic for security incident determination, especially the Denial of Service (DoS) attack in mobile ad hoc network (MANET). In this work, we focus on the "analysis" part of network forensic investigation. Specifically, we study one type of DoS attack, called distributed DoS (DDoS) flooding attack in MANET. We present a quantitative model to characterizes this attack and its traffic statistics. We also propose an analytical model for looking for specific patterns of the attack traffic, aiming to achieve: (1) Determine if there is an anomaly in the traffic and whether the anomaly is the DDoS attack (2) Determine the time when the attack is launched.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
