A Novel Embedded Accelerator for Online Detection of Shrew DDoS Attacks

As one type of stealthy and hard-to-detect attack, low-rate TCP-targeted DDoS attack can seriously throttle the throughput of normal TCP flows for a long time without being noticed. The Power Spectral Density (PSD) analysis in frequency domain can detect this type of attack accurately. However, computational complexity of PSD analysis makes it impossible for software implementation at high speed network. Taking advantages of powerful computing capability and software-like flexibility, an embedded accelerator using FPGA for PSD analysis has been proposed. Optimized design in autocorrelation calculation algorithm and DFT processing distinguishes our scheme more meaningful for high speed real-time processing with limited resources. Simulation verifies that even working at very low system clock frequency, our design can still provide quality-service for malicious detection in multi-gigabyte rate network.