Proceedings. The IEEE/ACS International Conference on Pervasive Services (2004)
July 23, 2004 to July 23, 2004
Guangzhi Qu , ITL Lab., Arizona Univ., AZ, USA
S. Hariri , ITL Lab., Arizona Univ., AZ, USA
S. Jangiti , ITL Lab., Arizona Univ., AZ, USA
S. Hussain , ITL Lab., Arizona Univ., AZ, USA
Seungchan Oh , ITL Lab., Arizona Univ., AZ, USA
S. Fayssal , ITL Lab., Arizona Univ., AZ, USA
Internet has been growing at an amazing rate and it becomes pervasive in all aspects of our life. On the other hand, the ubiquity of networked computers and their services has significantly increased their vulnerability to virus and worm attacks. To make pervasive systems and their services reliable and secure it becomes highly essential to develop on-line monitoring, analysis, and quantification of the operational state of such systems and services under a wide range of normal and abnormal workload scenarios. We prevent several abnormality metrics that can be used to detect abnormal behaviors and also can be used to quantify the impact of attach on pervasive system sendees. Our online monitoring approach is based on deploying software agents on selected routers, clients and servers to continuously monitor the measurement attributes and compute the abnormality metrics. Further, we use this metrics to quantify the impact of attacks on the individual components and on the system as a whole. This analysis leads to identify the most critical components in the system. We have built a test bed to experiment and evaluate the effectiveness of these metrics to detect several well-known network attacks such as MS SQL slammer worm attack, Denial of Service attack, and email worm spam.
computer network management, Internet, ubiquitous computing, invasive software, software agents
Guangzhi Qu et al., "Abnormality metrics to detect and protect against network attacks," Proceedings. The IEEE/ACS International Conference on Pervasive Services(PERSER), Beirut, Lebanon, , pp. 105-111.