Implementation and Analysis of DoS Attack Detection Algorithms

Intrusion detection systems have been traditionally classified in three categories viz. Signature Based IDS, Anomaly Based IDS and Hybrid IDS. Each one of these have their own advantages and disadvantages. The anomaly based IDS can detect novel attacks without knowing the actual payload contents if tuned correctly. Anomaly based IDS depends on the rate of data packets at the interface. But the main drawback of using anomaly based IDS is it can produce large number of false positives. The signature based IDS while not producing false positives cannot detect new attacks until its database is updated. The hybrid IDS combines features of both the anomaly based and signature based IDS. In this paper, we discuss the implementation of the each type the IDS. And also we measure the performance of the IDS based on RAM utilization and shows that out detection algorithm consumes less RAM compared to SNORT. Other parameters of analysis are left for future research work.