Detection and analysis of low-rate attacks using network traffic analysis

Author

Nagasai Deepak Matta, Mississippi State UniversityFollow

Advisor

Gudla, Charan

Committee Member

Trawick, George

Committee Member

Young, Maxwell

Date of Degree

8-13-2024

Original embargo terms

Visible MSU Only 2 Years

Document Type

Graduate Thesis - Campus Access Only

Major

Cybersecurity & Operations

Degree Name

Master of Science (M.S.)

College

James Worth Bagley College of Engineering

Department

Department of Computer Science and Engineering

Abstract

In this study, I used a dataset that contains low-rate and SYN flood traffic which was generated by a test bed to simulate a Slow DoS attack, stressing a local server by initiating several HTTP POST connections and causing the request payloads to be transmitted slowly. The attack causes problems including interrupted access and noticeably decreased network performance by sending a large number of little packets slowly, which keeps connections open and overloads server resources. I filtered traffic using Wireshark based on factors including tiny payloads, a lot of SYN packets without ACKs, high initial RTTs, small window sizes, and noticeable intervals between packets. Then, using these data, I ran a custom script I had created on the pcap files to identify possible attack sessions

Recommended Citation

Matta, Nagasai Deepak, "Detection and analysis of low-rate attacks using network traffic analysis" (2024). Theses and Dissertations. 6300.
https://scholarsjunction.msstate.edu/td/6300