SPADE: Statistical packet acceptance defense engine

Shimrit Tzur-David; Harel Avissar; Danny Dolev; Tal Anker

doi:10.1109/HPSR.2010.5580287

SPADE: Statistical packet acceptance defense engine

Shimrit Tzur-David^*, Harel Avissar, Danny Dolev, Tal Anker

^*Corresponding author for this work

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

A security engine should detect network traffic attacks at line-speed. "Learning" capabilities can help detecting new and unknown threats even before a vulnerability is exploited. The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies. This paper focuses on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detecting and preventing of attacks. The main challenges include minimizing the false-positive rate and the memory consumption. SPADE: a Statistical Packet Acceptance Defense Engine is presented. SPADE is an accurate engine that uses an hierarchical adaptive structure to detect suspicious traffic using a relatively small memory footprint, therefore can be easily applied on hardware. SPADE is based on the assumption that during DoS/DDoS attacks, a significant portion of the traffic that is seen belongs to the attack, therefore, SPADE applies a statistical mechanism to primarily filter the attack's traffic.

Original language	English
Title of host publication	2010 International Conference on High Performance Switching and Routing, HPSR 2010
Pages	119-126
Number of pages	8
DOIs	https://doi.org/10.1109/HPSR.2010.5580287
State	Published - 2010
Event	2010 International Conference on High Performance Switching and Routing, HPSR 2010 - Richardson, TX, United States Duration: 13 Jun 2010 → 16 Jun 2010

Publication series

Name	2010 International Conference on High Performance Switching and Routing, HPSR 2010

Conference

Conference	2010 International Conference on High Performance Switching and Routing, HPSR 2010
Country/Territory	United States
City	Richardson, TX
Period	13/06/10 → 16/06/10

Access to Document

10.1109/HPSR.2010.5580287

Cite this

@inproceedings{a20045992d184cefacda5d1bbc61fca9,

title = "SPADE: Statistical packet acceptance defense engine",

abstract = "A security engine should detect network traffic attacks at line-speed. {"}Learning{"} capabilities can help detecting new and unknown threats even before a vulnerability is exploited. The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies. This paper focuses on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detecting and preventing of attacks. The main challenges include minimizing the false-positive rate and the memory consumption. SPADE: a Statistical Packet Acceptance Defense Engine is presented. SPADE is an accurate engine that uses an hierarchical adaptive structure to detect suspicious traffic using a relatively small memory footprint, therefore can be easily applied on hardware. SPADE is based on the assumption that during DoS/DDoS attacks, a significant portion of the traffic that is seen belongs to the attack, therefore, SPADE applies a statistical mechanism to primarily filter the attack's traffic.",

author = "Shimrit Tzur-David and Harel Avissar and Danny Dolev and Tal Anker",

year = "2010",

doi = "10.1109/HPSR.2010.5580287",

language = "אנגלית",

isbn = "9781424469710",

series = "2010 International Conference on High Performance Switching and Routing, HPSR 2010",

pages = "119--126",

booktitle = "2010 International Conference on High Performance Switching and Routing, HPSR 2010",

note = "2010 International Conference on High Performance Switching and Routing, HPSR 2010 ; Conference date: 13-06-2010 Through 16-06-2010",

}

Tzur-David, S, Avissar, H, Dolev, D & Anker, T 2010, SPADE: Statistical packet acceptance defense engine. in 2010 International Conference on High Performance Switching and Routing, HPSR 2010., 5580287, 2010 International Conference on High Performance Switching and Routing, HPSR 2010, pp. 119-126, 2010 International Conference on High Performance Switching and Routing, HPSR 2010, Richardson, TX, United States, 13/06/10. https://doi.org/10.1109/HPSR.2010.5580287

SPADE: Statistical packet acceptance defense engine. / Tzur-David, Shimrit; Avissar, Harel; Dolev, Danny et al.
2010 International Conference on High Performance Switching and Routing, HPSR 2010. 2010. p. 119-126 5580287 (2010 International Conference on High Performance Switching and Routing, HPSR 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SPADE

T2 - 2010 International Conference on High Performance Switching and Routing, HPSR 2010

AU - Tzur-David, Shimrit

AU - Avissar, Harel

AU - Dolev, Danny

AU - Anker, Tal

PY - 2010

Y1 - 2010

N2 - A security engine should detect network traffic attacks at line-speed. "Learning" capabilities can help detecting new and unknown threats even before a vulnerability is exploited. The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies. This paper focuses on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detecting and preventing of attacks. The main challenges include minimizing the false-positive rate and the memory consumption. SPADE: a Statistical Packet Acceptance Defense Engine is presented. SPADE is an accurate engine that uses an hierarchical adaptive structure to detect suspicious traffic using a relatively small memory footprint, therefore can be easily applied on hardware. SPADE is based on the assumption that during DoS/DDoS attacks, a significant portion of the traffic that is seen belongs to the attack, therefore, SPADE applies a statistical mechanism to primarily filter the attack's traffic.

AB - A security engine should detect network traffic attacks at line-speed. "Learning" capabilities can help detecting new and unknown threats even before a vulnerability is exploited. The principal way for achieving this goal is to model anticipated network traffic behavior, and to use this model for identifying anomalies. This paper focuses on denial of service (DoS) attacks and distributed DoS (DDoS). Our goal is detecting and preventing of attacks. The main challenges include minimizing the false-positive rate and the memory consumption. SPADE: a Statistical Packet Acceptance Defense Engine is presented. SPADE is an accurate engine that uses an hierarchical adaptive structure to detect suspicious traffic using a relatively small memory footprint, therefore can be easily applied on hardware. SPADE is based on the assumption that during DoS/DDoS attacks, a significant portion of the traffic that is seen belongs to the attack, therefore, SPADE applies a statistical mechanism to primarily filter the attack's traffic.

UR - http://www.scopus.com/inward/record.url?scp=78149278703&partnerID=8YFLogxK

U2 - 10.1109/HPSR.2010.5580287

DO - 10.1109/HPSR.2010.5580287

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:78149278703

SN - 9781424469710

T3 - 2010 International Conference on High Performance Switching and Routing, HPSR 2010

SP - 119

EP - 126

BT - 2010 International Conference on High Performance Switching and Routing, HPSR 2010

Y2 - 13 June 2010 through 16 June 2010

ER -

SPADE: Statistical packet acceptance defense engine

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this