Published by Imogene Shaw. Modified over 8 years ago.
1
Scenario: Internet Attack
Eunice Huang
2
What is DDoS?
– A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users.
– Distributed denial-of-service (DDoS) attack
3
“A Hybrid Approach to Efficient Detection of Distributed Denial-of-Service Attacks”
Change-Point Detection
4
: observation : pre-attack mean : standard deviation : design parameter
5
Change-Point Detection
6
“A Hybrid Approach to Efficient Detection of Distributed Denial-of-Service Attacks”
Change-Point Detection
– Want to minimize the tradeoff between false alarm rate and average delay time
Spectral Analysis
7
Spectral Analysis
– Packet trace
– Time series
– Fast Fourier Transform on the autocorrelation function
– Frequency domain
– Compare with expected attack frequencies
8
“A Hybrid Approach to Efficient Detection of Distributed Denial-of-Service Attacks”
Change-Point Detection
– Want to minimize the tradeoff between false alarm rate and average delay time
Spectral Analysis
– Expensive and slow, but very accurate
9
“A Hybrid Approach to Efficient Detection of Distributed Denial-of-Service Attacks”
Key Idea: Combining both methods, we could use change-point detection to detect initial abnormal behavior with low detection delay but higher false alarm rate, then filter the false alarms by performing spectral analysis.
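The two-stage idea above, as an added sketch that is not code from the presentation or the cited paper: a one-sided CUSUM raises the low-delay alarm, and a spectrum computed from the autocorrelation function confirms or discards it. The CUSUM form, the thresholds, the 10 ms bins and the 12.5 Hz expected attack frequency are assumptions, and both traces are constructed.

```python
import math, random, statistics

def cusum_alarm(x, mu, sigma, k=1.0, h=10.0):
    """One-sided CUSUM on normalised observations; first alarm index or None."""
    g = 0.0
    for n, xn in enumerate(x):
        g = max(0.0, g + (xn - mu) / sigma - k)  # k: slack, h: alarm threshold
        if g > h:
            return n
    return None

def acf_spectrum(window, fs):
    """Power spectrum as the Fourier transform of the biased autocorrelation."""
    n, m = len(window), statistics.fmean(window)
    y = [v - m for v in window]
    r = [sum(y[i] * y[i + lag] for i in range(n - lag)) / n for lag in range(n)]
    spec = {}
    for j in range(1, n // 2 + 1):  # skip DC, stop at Nyquist
        w = 2 * math.pi * j / n
        spec[j * fs / n] = r[0] + 2 * sum(r[lag] * math.cos(w * lag) for lag in range(1, n))
    return spec

def confirm_attack(window, fs, expected_hz, tol_hz=1.0, min_share=0.5):
    """Confirm only if one spectral line dominates and is near an expected frequency."""
    spec = acf_spectrum(window, fs)
    peak = max(spec, key=spec.get)
    share = spec[peak] / sum(spec.values())
    near = any(abs(peak - f) <= tol_hz for f in expected_hz)
    return share >= min_share and near, peak

def hybrid_detect(x, fs, expected_hz, train=64, win=128):
    """Stage 1: cheap CUSUM alarm. Stage 2: spectral check on the post-alarm window."""
    mu, sigma = statistics.fmean(x[:train]), statistics.pstdev(x[:train])
    alarm = cusum_alarm(x, mu, sigma)
    if alarm is None:
        return None, False, None
    confirmed, peak = confirm_attack(x[alarm:alarm + win], fs, expected_hz)
    return alarm, confirmed, peak

def make_trace(periodic, onset=200, length=400, fs=100.0, f_attack=12.5, seed=7):
    """Constructed trace: noisy baseline, then a +30 shift, optionally with a periodic part."""
    rng, out = random.Random(seed), []
    for i in range(length):
        v = 100 + rng.uniform(-5, 5)
        if i >= onset:
            v += 30 + (30 * math.sin(2 * math.pi * f_attack * (i - onset) / fs) if periodic else 0)
        out.append(v)
    return out

if __name__ == "__main__":
    for label, periodic in (("periodic flood", True), ("flash crowd", False)):
        print(label, hybrid_detect(make_trace(periodic), 100.0, [12.5]))
```

Both traces trip the change-point stage within a sample or two of the shift; only the one carrying the periodic component survives the spectral filter.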
10
Demo
– Goal: Create a simulation of the detection process
– Dataset: a five-minute-long artificially generated trace with background traffic of 196 Mbps and uniform attack with bitrate 125 Mbps (provided by the USC/LANDER project)
– Coding: bash scripting, Matlab
11
Demo
12
Continuing Work
– Spectral Analysis
– Run the simulation in real-time
– Find out more information on how the cyberspace in LA is being monitored and what systems are connected with the network and vulnerable to attacks