Files in this item

FilesDescriptionFormat

application/pdf

application/pdfRoseline_Kone.pdf (2MB)
(no description provided)PDF

Description

Title:Monitoring unknown source IP addresses and packet sizes to detect DDoS attacks
Author(s):Kone, Roseline
Director of Research:Sowers, Richard B.
Doctoral Committee Chair(s):Sowers, Richard B.
Doctoral Committee Member(s):Abbas, Ali E.; Kiyavash, Negar; Song, Renming
Department / Program:Industrial&Enterprise Sys Eng
Discipline:Industrial Engineering
Degree Granting Institution:University of Illinois at Urbana-Champaign
Degree:Ph.D.
Genre:Dissertation
Subject(s):Poisson Cluster Process
Compound Pareto Distribution
Binary Hypothesis Testing
Sequential Detection
Distributed Denial of Service (DDoS) Attacks
Abstract:This thesis presents three procedures to detect Distributed Denial of Service (DDoS) attacks. DDoS attacks are known as one of the most expensive and destructive Internet threats. Assuming network tra c is a marked Poisson process, two parametric detection models are developed. The arrival of packet ows is modeled as Poisson process with cluster sizes that follows a mixture of discrete and heavy tailed distributions. Both detection systems monitor the percentage of unknown source IP addresses. The rst detection model is formulated as a xed sample size binary hypothesis testing. The decision making is based on the Neyman-Pearson criteria. The second parametric model is a sequential probability ratio test where the sample size is a random variable. Acceptance and rejection boundaries are deduced based on Wald's Fundamental Identity. Given that parametric distributions may fail to capture the complex and dynamic nature of the Internet, a third non-parametric detection model is proposed. In addition to the percentage of unknown source IP addresses, a second test statistic is introduced. The latter represents the mean to standard deviation ratio of data packet sizes. The Neyman-Pearson threshold is estimated from the empirical distribution functions of both random variables.
Issue Date:2014-05-30
URI:http://hdl.handle.net/2142/49735
Rights Information:Copyright 2014 Roseline Estelle Sindolmane Kone
Date Available in IDEALS:2014-05-30
2016-09-22
Date Deposited:2014-05


This item appears in the following Collection(s)

Item Statistics