The causality analysis of protocol measures for detection of attacks based on network

Abstract

New intrusions have being tried continuously due to vulnerability of TCP/IP on the computer networks. Many studies have been progressed about the method that is based on the signature and anomaly behavior in order to detect the attacks using vulnerability of networks. However the detection of intrusion from an enormous network data is very difficult and required much load of work. In this paper, for the effective detection, we studied the combination of network measures from the data packets which is generated by various DoS attacks using the vulnerability of TCP/IP. As the result, we were able to find the causality of network measures for the DoS attacks based on networks and detect similar attacks as well as existing attacks using it. Furthermore, the detection by possible combination of selected measures has a high accurate rate, and also the causality of network measures can be used to generate real-time detection patterns. © Springer-Verlag Berlin Heidelberg 2004.