• DocumentCode
    2210014
  • Title

    A new way to detect DDoS attacks within single router

  • Author

    Yan, Ruoyu ; Zheng, Qinghua ; Niu, Guolin ; Gao, Sheng

  • Author_Institution
    Dept. of Comput. Sci. & Technol., Xi'an Jiaotong Univ., Xi'an, China
  • fYear
    2008
  • fDate
    19-21 Nov. 2008
  • Firstpage
    1192
  • Lastpage
    1196
  • Abstract
    Different from other research work focusing on network-wide traffic, the traffic we focus on for analysis is that of a traffic state viewed from a router's interior. In this paper, at first, a kind of Port-to-Port traffic in a router is introduced, which we call IF flow. IF flows can amplify the ratio of attack traffic to normal traffic. Then an RLS (recursive least square) filter is used to predict IF flows. After that, a statistical method using a residual filtered process is proposed to detect anomalies. Finally, we apply the method to three types of traffic, respectively: IF flows, input links and output links within a router, and compare the anomaly detection results using ROC curves. Results show that IF flows are more powerful than input links and output links in DDoS attack detection.
  • Keywords
    recursive filters; routing protocols; security of data; telecommunication congestion control; telecommunication security; DDoS attack detection; ROC curves; anomaly detection; network-wide traffic; port-to-port traffic; recursive least square filter; residual filtered process; router interior; single router; statistical method; traffic state; Computer crime; Computer science; Filters; History; Large-scale systems; Least squares methods; Resonance light scattering; Statistical distributions; Telecommunication traffic; Web and internet services; anomaly detection; distributed denial of service; recursive least square; router-wide traffic analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communication Systems, 2008. ICCS 2008. 11th IEEE Singapore International Conference on
  • Conference_Location
    Guangzhou
  • Print_ISBN
    978-1-4244-2423-8
  • Electronic_ISBN
    978-1-4244-2424-5
  • Type

    conf

  • DOI
    10.1109/ICCS.2008.4737371
  • Filename
    4737371