Malicious users discrimination in organizec attacks using structured sparsity
| Title | Malicious users discrimination in organizec attacks using structured sparsity |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Yamacc, M., Sankur, B., Cemgil, A. T. |
| Conference Name | 2017 25th European Signal Processing Conference (EUSIPCO) |
| Publisher | IEEE |
| ISBN Number | 978-0-9928626-7-1 |
| Keywords | communication network system, composability, compressive sensing, Computer crime, computer network security, Current measurement, DDoS, DDoS Attack Prevention, distributed attacks, flooding attack detection, flooding attack prevention, flooding-type DDOS attack, Human Behavior, Indexes, Internet telephony, malicious groups, malicious users discrimination, message transmission rate, Metrics, network domain, Network security, network server, organized attacks, pubcrawl, Resiliency, security, Servers, session initiation protocol, Signal processing algorithms, signaling, signalling protocols, SIP proxies, SIP servers, structured sparsity based group anomaly detection system, Synchronization, synchronized attack detection, transport layer, Voice over IP, VoIP systems |
| Abstract | Communication networks can be the targets of organized and distributed attacks such as flooding-type DDOS attack in which malicious users aim to cripple a network server or a network domain. For the attack to have a major effect on the network, malicious users must act in a coordinated and time correlated manner. For instance, the members of the flooding attack increase their message transmission rates rapidly but also synchronously. Even though detection and prevention of the flooding attacks are well studied at network and transport layers, the emergence and wide deployment of new systems such as VoIP (Voice over IP) have turned flooding attacks at the session layer into a new defense challenge. In this study a structured sparsity based group anomaly detection system is proposed that not only can detect synchronized attacks, but also identify the malicious groups from normal users by jointly estimating their members, structure, starting and end points. Although we mainly focus on security on SIP (Session Initiation Protocol) servers/proxies which are widely used for signaling in VoIP systems, the proposed scheme can be easily adapted for any type of communication network system at any layer. |
| URL | https://ieeexplore.ieee.org/document/8081210/ |
| DOI | 10.23919/EUSIPCO.2017.8081210 |
| Citation Key | yamacc_malicious_2017 |
- signaling
- network security
- network server
- organized attacks
- pubcrawl
- Resiliency
- security
- Servers
- session initiation protocol
- Signal processing algorithms
- network domain
- signalling protocols
- SIP proxies
- SIP servers
- structured sparsity based group anomaly detection system
- Synchronization
- synchronized attack detection
- transport layer
- Voice over IP
- VoIP systems
- flooding attack prevention
- composability
- compressive sensing
- Computer crime
- computer network security
- Current measurement
- DDoS
- DDoS Attack Prevention
- distributed attacks
- flooding attack detection
- communication network system
- flooding-type DDOS attack
- Human behavior
- Indexes
- Internet telephony
- malicious groups
- malicious users discrimination
- message transmission rate
- Metrics