Denial of Service (DoS) attacks are a category of long-standing problems in computer security. In simple terms, the adversary aims for violating one of the basic security principles, which is availability. DoS can happen at the operating system level as well as the network level. Over decades, there has been numerous studies showing methods to carry on an attack on a protocol or a famous operating system service. In contrast, there have been many attempts to combat DoS attacks some of which are now standard methods. We have previously studied randomization as a defense against such attacks. For example, we showed that randomizing IP addresses of target servers may not always result in an effective defense, when using IP address allocation in cloud-basd services. One such method is anomaly detection. In anomaly detection, the idea is to profile normal user behavior and compare it against anomalous behavior. This method has been challenged by advanced attack profiles such as camouflage and slowloris attacks. The central problem with anomaly detection is the attacker's ability to adapt to the new conditions and subvert the defense.
In this project, we investigate application-leyer DoS detection. We specifically, want to develop rigorous methods for autonomous decision-making in DoS detection. This requires generic ways that can handle critical attack profiles.