
C.-C. (Jay) Kuo
EE Department
Thursday, February 10, 2005
11:00 am
11th floor large conference room
On Detecting TCP SYN Flooding Attack
Detecting TCP SYN flooding attacks in aggregate traffic has several advantages over end-node-based approaches. The detection scheme consists of two processes: an observation process and a decision process. The observation process uses the protocol behavior of TCP SYN-FIN (RST) pairs to supply information to the decision process, which decides after an observation period whether an attack has occurred. However, the observation process suffers from background noise caused by long-lived connections and passive RST packets. To reduce this noise, normalized residue sequences and partial completion filters (PCF) have been considered in the observation process. For the decision process, the cumulative sum (CUSUM) method and a simple anomaly detector using a single threshold have been proposed. To achieve a more refined detection capability, an HMM-based detection scheme is proposed for the decision process. We model Internet traffic using a hidden Markov model (HMM). Different traffic patterns, corresponding to normal traffic, the low-rate attack and the high-rate attack, are used for training, so that we obtain several different HMMs. These HMMs are expected to overcome the drawback of single-threshold detection, which has problems when the threshold is set too low or too high. The performance of each combination is evaluated via trace-driven simulations in terms of detection time and detection probability.
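The low/high threshold problem and the CUSUM alternative described in the abstract, as an added example that is not from the talk or its authors. It assumes the common non-parametric CUSUM form over FIN-normalized SYN-FIN(RST) residues; the trace and the `alpha`, `a` and `limit` values are constructed for illustration.

```python
# Added example: single-threshold vs. CUSUM decisions on SYN-FIN(RST) residues.
# Every count and parameter below is a constructed assumption, not talk data.

# (SYN, FIN+RST) packet counts per observation period.
TRACE = [
    (100, 96), (104, 101), (98, 99), (110, 100), (95, 97), (102, 98),    # normal
    (152, 99), (149, 97), (155, 101), (150, 98), (151, 100), (153, 99),  # low-rate flood
]

def residues(counts, alpha=0.9):
    """Normalized residue x_n = (SYN_n - FIN_n) / F_n, where F_n is an
    exponentially weighted average of the FIN(RST) count. Dividing by F_n
    makes the statistic independent of the link's traffic volume."""
    fin_avg, out = None, []
    for syn, fin in counts:
        fin_avg = float(fin) if fin_avg is None else alpha * fin_avg + (1 - alpha) * fin
        out.append((syn - fin) / max(fin_avg, 1.0))
    return out

def single_threshold_alarm(xs, t):
    """Index of the first period whose residue alone exceeds t, else None."""
    return next((n for n, x in enumerate(xs) if x > t), None)

def cusum_alarm(xs, a=0.35, limit=1.0):
    """Non-parametric CUSUM: y_n = max(0, y_{n-1} + x_n - a).
    'a' sits above the normal residue mean, so y stays at 0 in normal
    traffic and accumulates under a sustained SYN surplus."""
    y = 0.0
    for n, x in enumerate(xs):
        y = max(0.0, y + x - a)
        if y > limit:
            return n
    return None

if __name__ == "__main__":
    xs = residues(TRACE)
    print("residues:", [round(x, 3) for x in xs])
    print("threshold 1.00:", single_threshold_alarm(xs, 1.00))  # misses the flood
    print("threshold 0.05:", single_threshold_alarm(xs, 0.05))  # false alarm
    print("CUSUM:", cusum_alarm(xs))
```

On this trace the high threshold never fires, the low threshold fires on ordinary noise in a normal period, and CUSUM fires only after several consecutive flood periods have accumulated.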
Bio
Dr. C.-C. Jay Kuo received the B.S. degree from the National Taiwan University, Taipei, in 1980 and the M.S. and Ph.D. degrees from the Massachusetts Institute of Technology, Cambridge, in 1985 and 1987, respectively, all in Electrical Engineering. He is with the Department of Electrical Engineering, the Signal and Image Processing Institute (SIPI) and the Integrated Media Systems Center (IMSC) at the University of Southern California (USC) as Professor of Electrical Engineering and Mathematics. His research interests are in the areas of digital media processing, multimedia compression, communication and networking technologies, and embedded multimedia system design. Dr. Kuo is a Fellow of IEEE and SPIE. He received the National Science Foundation Young Investigator Award (NYI) and Presidential Faculty Fellow (PFF) Award in 1992 and 1993, respectively.
Dr. Kuo has guided 58 students to their Ph.D. degrees and supervised 15 postdoctoral research fellows. Currently, his research group at USC consists of around 30 Ph.D. students and 5 postdoctoral researchers (see http://viola.usc.edu) and is one of the largest academic research groups in multimedia technologies. He is a co-author of more than 700 technical publications in international conferences and journals as well as seven books. Dr. Kuo is Editor-in-Chief for the Journal of Visual Communication and Image Representation, and Editor for the Journal of Information Science and Engineering and the EURASIP Journal of Applied Signal Processing. He is also on the Editorial Board of the IEEE Signal Processing Magazine. He served as Associate Editor for IEEE Transactions on Image Processing in 1995-1998, IEEE Transactions on Circuits and Systems for Video Technology in 1995-1997 and IEEE Transactions on Speech and Audio Processing in 2001-2003.