Network Forensics in MANET: Traffic Analysis of Source Spoofed DoS Attacks

2010 Fourth International Conference on Network and System Security Pub Date : 2010-09-01 DOI:10.1109/NSS.2010.45

Yinghua Guo, Matthew Simon

{"title":"Network Forensics in MANET: Traffic Analysis of Source Spoofed DoS Attacks","authors":"Yinghua Guo, Matthew Simon","doi":"10.1109/NSS.2010.45","DOIUrl":null,"url":null,"abstract":"The process of analyzing available network forensics evidence to determine their meaning and significance can be very involved. It is often necessary to develop a timeline of significant events to obtain an overview of what occurred, to create relational diagrams showing which users are connected to which systems, or to correlate and analyze data to find noteworthy patterns of network traffic. However, there is a lack of statistical analysis of network traffic for security incident determination, especially the Denial of Service (DoS) attack in mobile ad hoc network (MANET). In this work, we focus on the \"analysis\" part of network forensic investigation. Specifically, we study one type of DoS attack, called distributed DoS (DDoS) flooding attack in MANET. We present a quantitative model to characterizes this attack and its traffic statistics. We also propose an analytical model for looking for specific patterns of the attack traffic, aiming to achieve: (1) Determine if there is an anomaly in the traffic and whether the anomaly is the DDoS attack (2) Determine the time when the attack is launched.","PeriodicalId":127173,"journal":{"name":"2010 Fourth International Conference on Network and System Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Fourth International Conference on Network and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NSS.2010.45","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 21

Abstract

The process of analyzing available network forensics evidence to determine their meaning and significance can be very involved. It is often necessary to develop a timeline of significant events to obtain an overview of what occurred, to create relational diagrams showing which users are connected to which systems, or to correlate and analyze data to find noteworthy patterns of network traffic. However, there is a lack of statistical analysis of network traffic for security incident determination, especially the Denial of Service (DoS) attack in mobile ad hoc network (MANET). In this work, we focus on the "analysis" part of network forensic investigation. Specifically, we study one type of DoS attack, called distributed DoS (DDoS) flooding attack in MANET. We present a quantitative model to characterizes this attack and its traffic statistics. We also propose an analytical model for looking for specific patterns of the attack traffic, aiming to achieve: (1) Determine if there is an anomaly in the traffic and whether the anomaly is the DDoS attack (2) Determine the time when the attack is launched.

查看原文本刊更多论文

MANET中的网络取证:源欺骗DoS攻击的流量分析

分析现有网络取证证据以确定其意义和意义的过程可能非常复杂。通常需要开发重要事件的时间轴，以获得所发生事件的概述，创建关系图，显示哪些用户连接到哪些系统，或者关联和分析数据以找到值得注意的网络流量模式。然而，缺乏对网络流量的统计分析来确定安全事件，特别是移动自组网(MANET)中的拒绝服务(DoS)攻击。在这项工作中，我们重点研究了网络法医调查的“分析”部分。具体来说，我们研究了一种类型的DoS攻击，称为分布式DoS (DDoS)泛洪攻击在MANET。我们提出了一个定量模型来表征这种攻击及其流量统计。我们还提出了一个寻找攻击流量具体模式的分析模型，旨在实现:(1)判断流量是否存在异常，是否为DDoS攻击;(2)判断攻击发生的时间。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 Fourth International Conference on Network and System Security

自引率

0.00%

发文量