Distributed Denial-of-Service attacks pose unpredictable threats to the internet infrastructure and internet-based business. Thus, many attack detection systems and anomaly detection methods were developed in the past. A realistic evaluation of these mechanisms and comparable results, however, are impossible up to now. Furthermore, an adaptation to new situations or an extension of existing systems in most cases is complex and time-consuming. Therefore, we developed a framework for attack detection which allows for an integration of various detection methods as lightweight modules. These modules can be combined easily and arbitrarily and thus, adapted to varying situations. Additionally, our framework can be applied in different runtime environments transparently. This enables an easy evaluation with meaningful and comparable results based on realistic large-scale scenarios, e.g. by using a network simulator.
Distack: A Framework for Distributed, Anomaly-based Attack Detection
|Thomas Gamer, Christoph P. Mayer||Large-scale Evaluation of Distributed Attack Detection||Mar 2009|
|Thomas Gamer, Christoph P. Mayer, Martina Zitterbart||Distack - A Framework for Anomaly-based Large-scale Attack Detection||Aug 2008|
|Christoph P. Mayer, Thomas Gamer, Martina Zitterbart||Towards Understanding the Global Behavior of DDoS Attacks - A Framework for Distributed Attack Detection and Beyond||Aug 2008|
|Thomas Gamer, Christoph P. Mayer||Distack: Framework zur einfachen Entwicklung von Mechanismen zur lokalen und verteilten Angriffserkennung||Apr 2008|