Title: Anomaly Detection for Science DMZs Using System Performance Data
Abstract: Science DMZs are specialized networks that enable large-scale distributed scientific research, providing efficient and guaranteed performance while transferring large amounts of data at high rates. The high-speed performance of a Science DMZ is made viable by data transfer nodes (DTNs), which are therefore a critical point of failure. DTNs are usually monitored with network intrusion detection systems (NIDS). However, NIDS do not consider system performance data, such as network I/O interrupts and context switches, which can also be useful in revealing anomalous system performance potentially arising from external network-based attacks or insider attacks. In this paper, we demonstrate how system performance metrics can be applied towards securing a DTN in a Science DMZ network. Specifically, we evaluate the effectiveness of system performance data in detecting TCP-SYN flood attacks on a DTN using DBSCAN (a density-based clustering algorithm) for anomaly detection. Our results demonstrate that system interrupts and context switches can be used to successfully detect TCP-SYN floods, suggesting that system performance data could be effective in detecting a variety of attacks not easily detected through network monitoring alone.
Year: 2020
DOI: 10.1109/ICNC47757.2020.9049695
Venue: 2020 International Conference on Computing, Networking and Communications (ICNC)
Keywords: Science DMZ, data transfer node, high-performance computing, system performance metrics, anomaly detection, DoS attack, computer security, machine learning, scientific workflows, DBSCAN, clustering
DocType: Conference
ISSN: 2325-2626
ISBN: 978-1-7281-4906-6
Citations: 0
PageRank: 0.34
References: 9
Authors: 5
Name            Order  Citations  PageRank
Ross K. Gegan   1      0          0.68
Christina Mao   2      0          0.34
Dipak Ghosal    3      2848       163.40
Matt Bishop     4      1022       135.17
Sean Peisert    5      246        31.44