Title :
Flooding attacks detection in traffic of backbone networks
Author :
Salem, Osman ; Makke, Ali ; Tajer, Jean ; Mehaoua, Ahmed
Author_Institution :
Lab. d'Inf. Paris Descartes, Univ. of Paris Descartes, Paris, France
Abstract :
Internet services are vulnerable to flooding attacks that lead to denial of service. This paper proposes a new framework to detect anomalies and to provide early alerts for flooding attacks in backbone networks, thus allowing a quick reaction to prevent the flooding attacks from strangling the victim server and its access network. The proposed detection scheme is based on the application of a Least Mean Square (LMS) filter and Pearson Chi-square divergence on randomly aggregated flows in a Sketch data structure. Instead of analyzing one time series for overall traffic, random aggregation of flows is used to investigate a fixed number of time series for fine-grained analysis. The least mean square filter is used to predict the next value of the time series based on previous values, and Pearson Chi-square divergence is used to measure the deviations between the current and estimated probability distributions. We evaluate our approach using publicly available real IP traces (MAWI) collected from the WIDE backbone network, on a trans-Pacific transit link between Japan and the USA. Our experimental results show that the proposed approach outperforms existing techniques in terms of detection accuracy and false alarm rate. It is able to detect low-intensity attacks covered by the large volume of traffic in high-speed networks.
Keywords :
Internet; least mean squares methods; network servers; security of data; subscriber loops; telecommunication services; telecommunication traffic; Internet services; Japan; Pearson chi-square divergence; USA; access network; backbone network traffic; denial of service; detection accuracy; false alarm rate; flooding attacks detection; least mean square filter; probability distributions; random aggregation; randomly aggregated flows; real IP traces; sketch data structure; time series; trans-Pacific transit link; victim server; Data structures; IP networks; Monitoring; Probability distribution; Radiation detectors; Time series analysis; Vectors; Anomaly detection; BOTNET; Chi-Square divergence; DDoS; Intrusion Detection System; Least Mean Square; SYN flooding; Sketch;
Conference_Title :
Local Computer Networks (LCN), 2011 IEEE 36th Conference on
Conference_Location :
Bonn
Print_ISBN :
978-1-61284-926-3
DOI :
10.1109/LCN.2011.6115504