• DocumentCode
    3100834
  • Title

    Fine-Grained DDoS Detection Scheme Based on Bidirectional Count Sketch

  • Author

    Liu, Haiqin ; Sun, Yan ; Kim, Min Sik

  • fYear
    2011
  • fDate
    July 31 2011-Aug. 4 2011
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Over the past decade, various intrusion detection and prevention systems have been proposed to detect DDoS attacks and mitigate the caused damage. However, many existing IDS systems still keep per-flow state to detect anomaly, and thus do not scale with link speeds in multi-gigabit networks. In this paper, we present a two-level approach for scalable and accurate DDoS attack detection by exploiting the asymmetry in the attack traffic. In the coarse level, we use a modified count-min sketch (MCS) for fast detection, and in the fine level, we propose a bidirectional count sketch (BCS) to achieve better accuracy. At both detection levels, sketch structures are utilized to ensure the scalability of our scheme. The main advantage of our approach is that it can track the victims of attacks without recording every IPaddress found in the traffic. Our scheme can save over 90% key storage. Such feature is significant for the detection in the highspeed environment. Experimental results using the real Internet traffic show that our approach is able to quickly detect anomaly events and track those victims with a high level of accuracy.
  • Keywords
    Accuracy; Computer crime; Electronics packaging; IP networks; Memory management; Radiation detectors; Servers;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference on
  • Conference_Location
    Lahaina, HI, USA
  • ISSN
    1095-2055
  • Print_ISBN
    978-1-4577-0637-0
  • Type

    conf

  • DOI
    10.1109/ICCCN.2011.6006023
  • Filename
    6006023