IDPS, DoS attacks - Coggle Diagram
IDPS
Anomaly based
Slow, takes time
ML based prediction
Detects new attacks
No Database
Problems to tackle
Size of Database to store attack signatures
False positive rate
Packet fragmentation
Obfuscation
Signature Based
fast detection
Can't detect new attacks
DB of attack signatures
Firewall policy
NAT, PAT
Content filtering: block certain files
Block certain IPs
Tools
Snort IDS
IPS Blade
Checkpoint Firewall
Hybrid System
Advantages
improved accuracy
detects new attacks
fast detection compared to anomaly
IDS
IPS
Honeypot integration?
DoS attacks
Types
HTTP DoS
DDoS
SYN flood
ICMP Ping flood
Slow DoS
Slowloris
Memory DoS?
Detection Methods
attack graphs?
Statistical methods
Entropy Analysis
Training friendly and unfriendly packets
Pattern/signature matching of known attacks
monitor for change in normal traffic behaviour
ML based prediction techniques
Parameters
TCP Congestion window size
Source IP
Port number
Bandwidth and frequency
Tools that could be used
hping3
ping
Focus on SDN networks
Aimed at host and network IDS