Denial-of-service (DoS) detection techniques - such as activity profiling, changepoint detection, and wavelet - based signal analysis - face the considerable challenge of discriminating network-based flooding attacks from sudden increases in legitimate activity or flash events. This survey of techniques and testing results provides insight into our ability to successfully identify DoS flooding attacks. Although each detector shows promise in limited testing, none completely solve the detection problem. Combining various approaches with experienced network operators will most likely produce the best results.
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications