Browsing by Author "Fouladi, Ramin Fadaei."
Now showing 1 - 2 of 2
Item: DDoS attack detection using frequency domain characteristics
(Thesis (M.S.)-Bogazici University. Institute for Graduate Studies in Science and Engineering, 2014., 2014.) Fouladi, Ramin Fadaei.; Anarım, Emin.

Providing 24-hour service to the users is one of the major concerns of network administrators. A denial of service attack refers to a condition in which a server cannot give normal services to its legitimate clients due to the large amount of bogus packets sent by an unknown source. In a distributed denial of service (DDoS) attack, an attacker launches the attack on a server via a large number of unaware computers through the Internet. During a DDoS attack, the victim is forced to reply to the requests from those infected nodes, called zombies. The first step of countermeasure against these types of threats is detection. Conventional methods analyze the contents of packets arriving at the victim node to find an abnormality. Although they can identify some simple attacks, they are almost unable to segregate the source of normal traffic from that of attack traffic when attackers alter the source IP address into a normal source IP address. Additionally, the contents of the abnormal packets are usually changed intentionally by attackers to be close to those in normal packets, and therefore they can easily be passed through a system employing traditional detection approaches. In this thesis, a frequency domain analysis is proposed to detect DDoS attacks. The number of packets received by the victim in a specific interval is sampled and considered as a random process. Employing two different methods of power spectral density estimation, the frequency characteristic of the time series is estimated. Using each spectrum estimation method, two sets of frequency characteristics, one for normal and another for DDoS traffic, are acquired, and utilized by a signature based intrusion detection system to detect abnormality.

Item: Novel time-series based DDOS attack detection schemes for traditional networks and software defined networks
(Thesis (Ph.D.) - Bogazici University. Institute for Graduate Studies in Science and Engineering, 2021., 2021.) Fouladi, Ramin Fadaei.; Anarım, Emin.

Distributed Denial of Service (DDoS) attacks are always one of the most significant threats for computer networks since they affect user satisfaction by degrading the availability of on-line services. Although some countermeasures such as Intrusion Detection Systems (IDSs) provide effective mechanisms to discriminate various types of DDoS attacks, they become impotent of detection when bogus packets similar to normal ones are dispatched by the attacker. One promising approach for DDoS detection in traditional networks is to use the time-series representation of the network traffic while analyzing the incoming packets. Particularly, discriminating features are extracted from the representation of the traffic flow in order to be used with several data analytic techniques such as statistical measures or machine learning algorithms. In this thesis, we first improve the previous works in the literature for traditional networks by introducing three methods using frequency domain analysis and statistical measures. Later, we extend our findings for SDNs and we propose three different DDoS detection and countermeasure schemes for SDN by employing: (i) Auto-Regressive Integrated Moving Average and a dynamic thresholding method, (ii) Discrete Wavelet Transform and Auto-Encoder Networks, and (iii) Continuous Wavelet Transform and Convolutional Neural Network. Experimental results show that the proposed schemes have high detection and low false alarm rates. Finally, we compare the proposed schemes in terms of their attack detection performance and computational complexity cost analysis.