An asynchronous classifier of network flows was developed to detect Slowloris attacks. The classifier was implemented using random forests, and its effectiveness was measured by the area under the ROC curve. The random forests were trained on a public dataset. We sought to minimize the number of features required to analyze the flows satisfactorily. Finally, it was shown that the chosen features can be used individually to obtain reliable detections in the classifier, with two of the three individual features having an area under the curve greater than 0.95.
Publication type: Conference Paper
Published in: 2021 IEEE V Jornadas Costarricenses de Investigación en Computación e Informática (JoCICI)