Two-Tier GCT Based Approach for Attack Detection

PP. 60-67
DOI: 10.4236/jsea.2008.11009

ABSTRACT

Frequent attacks on network infrastructure, using various forms of denial-of-service attack, have increased the need for new techniques for analyzing network traffic. If efficient analysis tools were available, it would become possible to detect attacks and take appropriate action to weaken them before they have had time to propagate across the network. In this paper, we propose an SNMP MIB oriented approach for detecting attacks, based on a two-tier Granger causality test (GCT) that analyzes the causal relationship between the attacking variable at the attacker and the abnormal variable at the target. Starting from the abnormal behavior at the target, GCT is first executed to determine the preliminary attacking variable, which has whole causality with the abnormal variable in network behavior. Using the behavior feature extracted from the abnormal behavior, GCT is then applied again to recognize the attacking variable, which has local causality with the abnormal variable in local behavior. Proactive detection rules can be constructed from the causality between the attacking variable and the abnormal variable, and these rules can be used to raise alarms in a network management system. Experimental results showed that the two-tier GCT approach detects attacks early, so that attack propagation can be slowed through early detection.

Share and Cite:

Z. Wang, Q. Xia and K. Lu, "Two-Tier GCT Based Approach for Attack Detection," Journal of Software Engineering and Applications, Vol. 1 No. 1, 2008, pp. 60-67. doi: 10.4236/jsea.2008.11009.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.