Title :
Detecting Distributed Denial of Service Attack Traffic at the Agent Machines
Author :
Laurens, Vicky ; Saddik, Abdulmotaleb El ; Dhar, Pulak ; Srivastava, Vineet
Author_Institution :
Multimedia Commun. Res. Lab., Ottawa Univ., Ont.
Abstract :
Due to financial losses caused by distributed denial of service (DDoS) attacks, most defence mechanisms have been deployed at the network where the target server is located. We believe this paradigm should change in order to tackle the DDoS threat in its basis: thwart agent machines participation in DDoS attacks. Our proposal consists of developing an agent to monitor the packet traffic rate (outgoing packets/incoming packets). Our first deployment is based upon characterizing TCP connections; normal TCP connections can be characterized by the ratio of the sent packets to the received packets from a given destination. Preliminary results have shown that the traffic ratio values usually present larger values at the beginning of the run when there are not enough packets to make a decision on whether or not traffic is legitimate. A low value for threshold allows for faster attack detection, but it also increases the number of false-positives
Keywords :
Internet; security of data; telecommunication security; telecommunication traffic; transport protocols; TCP connections; defence mechanisms; distributed denial of service attack; financial losses; packet traffic rate monitoring; target server; thwart agent machines; Computer crime; Computer worms; Floods; Internet; Monitoring; Multimedia communication; Proposals; Recruitment; Telecommunication traffic; Web server; DDoS; Internet security; Traffic monitoring;
Conference_Titel :
Electrical and Computer Engineering, 2006. CCECE '06. Canadian Conference on
Conference_Location :
Ottawa, Ont.
Print_ISBN :
1-4244-0038-4
Electronic_ISBN :
1-4244-0038-4
DOI :
10.1109/CCECE.2006.277826
