Malicious users discrimination in organized attacks using structured sparsity

Title: Malicious users discrimination in organized attacks using structured sparsity
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Yamacc, M., Sankur, B., Cemgil, A. T.
Conference Name: 2017 25th European Signal Processing Conference (EUSIPCO)
Publisher: IEEE
ISBN Number: 978-0-9928626-7-1
Keywords: communication network system, composability, compressive sensing, Computer crime, computer network security, Current measurement, DDoS, DDoS Attack Prevention, distributed attacks, flooding attack detection, flooding attack prevention, flooding-type DDOS attack, Human Behavior, Indexes, Internet telephony, malicious groups, malicious users discrimination, message transmission rate, Metrics, network domain, Network security, network server, organized attacks, pubcrawl, Resiliency, security, Servers, session initiation protocol, Signal processing algorithms, signaling, signalling protocols, SIP proxies, SIP servers, structured sparsity based group anomaly detection system, Synchronization, synchronized attack detection, transport layer, Voice over IP, VoIP systems
Abstract

Communication networks can be the targets of organized and distributed attacks such as flooding-type DDoS attacks, in which malicious users aim to cripple a network server or a network domain. For the attack to have a major effect on the network, malicious users must act in a coordinated and time-correlated manner. For instance, the members of the flooding attack increase their message transmission rates rapidly but also synchronously. Even though detection and prevention of flooding attacks are well studied at the network and transport layers, the emergence and wide deployment of new systems such as VoIP (Voice over IP) have turned flooding attacks at the session layer into a new defense challenge. In this study, a structured sparsity based group anomaly detection system is proposed that can not only detect synchronized attacks, but also identify the malicious groups from normal users by jointly estimating their members, structure, starting and end points. Although we mainly focus on security on SIP (Session Initiation Protocol) servers/proxies, which are widely used for signaling in VoIP systems, the proposed scheme can be easily adapted for any type of communication network system at any layer.

URL: https://ieeexplore.ieee.org/document/8081210/
DOI: 10.23919/EUSIPCO.2017.8081210
Citation Key: yamacc_malicious_2017