Actas de congresos
PRBS/EWMA Based Model for Predicting Burst Attacks (Brute Froce, DoS) in Computer Networks
Date
2014-01-01Registration in:
2014 Ninth International Conference On Digital Information Management (icdim). New York: Ieee, p. 194-200, 2014.
WOS:000364918800034
Author
Universidade de São Paulo (USP)
Univ Avignon
Univ Oeste Paulista
Universidade Estadual Paulista (Unesp)
Institutions
Abstract
Burst attacks (e.g. Brute Force, DoS, DDoS, etc) have become a great concern for the today's computer networks, causing millions of losses to the society. Even though the detection of burst attacks is widely investigated, there is a gap in the academic literature regarding the predicting models for anticipating such security issue. As the frequency of bursts depends on the behavior of the attackers, it is hard to determine the exact moment when a burst starts. In this paper we propose a new model for aggregating peaks of a burst - specifically for the brute force attack - at a single point called One Point Analysis (OPA). We applied the OPA technique in a prototype, so the beginning of each burst was predicted by the use of (a) Pseudo-Random Binary Sequences (PRBS), and (b) Exponential Weighted Moving Averages (EWMA). For evaluating the results, the OPA was compared to other techniques by two indicators, and it was possible coming to a conclusion regarding the OPA effectiveness.