Abstract

In this paper, we describe a new approach for the real-time detection of denial of service computer attacks using timedependent deterministic finite automata. Current networkbased intrusion detection systems employ state-transition based methods as a primary mean to detecting system penetrations and misuse as well. However, we utilize the time intervals between certain event occurrences [as defined in our automaton] to improve the accuracy of detecting specific denial of service attacks. Unlike some other detection systems, our design also lends itself to a distributed detection architecture, permitting non-obtrusive attack signature updating and operating system portability. This paper discusses the implementation of our prototype along with results from its test evaluation using publicly available data.