This work is funded in part by the E.C. through IST project SCAMPI (IST-2001-32404), and a research grant from FORTHnet S.A.

Objectives

This work investigates procedures for detecting DoS attacks, and defence models for mitigating the service disruption caused by Distributed DoS attacks. In the area DoS attack detection, we investigate the application of statistical anomaly detection algorithms for detecting Denial of Service (DoS) attacks, and SYN flooding attacks in particular. In the area of defense models, we investigate deterministic packet marking algorithms which provide a common characterization of traffic streams in order to assist the detection and filtering of attack traffic.

People

• Vasilios Siris, ICS-FORTH
• Ilias Stavrakis, ICS-FORTH

Links

• IST Project SCAMPI ("A Scaleable Monitoring Platform for the Internet") Web site
• CARV Lab's research on Intrusion Detection Systems

Papers

• "Application of Anomaly Detection Algorithms for Detecting SYN Flooding Attacks". In Proc. of IEEE Globecom 2004 (Security and Network Management Symposium), November 2004.
• "Provider-Based Deterministic Packet Marking Against Distributed DoS Attacks". ICS-FORTH, November 2004.

Presentations

• "Denial of Service and Anomaly Detection". Measurement BoF, Terena Networking Conference, Zagreb, Croatia, 21 May 2003.

For more info: Vasilios Siris Tel: +30 2810 391726 Email: vsiris "at" ics "dot" forth "dot" gr