Title :
Detecting Flooding-Based DDoS Attacks
Author :
Yonghua You ; Zulkernine, Mohammad ; Haque, Ashraful
Author_Institution :
Queen´s Univ., Kingston
Abstract :
A distributed denial of service (DDoS) attack is widely regarded as a major threat for the current Internet because of its ability to create a huge volume of unwanted traffic. It is hard to detect and respond to DDoS attacks due to large and complex network environments. In this paper, we introduce two distance-based DDoS detection techniques: average distance estimation and distance-based traffic separation. They detect attacks by analyzing distance values and traffic rates. The distance information of a packet can be inferred from the time- to-live (TTL) value of the IP header. In the average distance estimation DDoS detection technique, the prediction of mean distance value is used to define normality. The prediction of traffic arrival rates from different distances is used in the distance-based traffic separation DDoS detection technique. The mean absolute deviation (MAD)-based deviation model provides the legal scope to separate the normality from the abnormality for both the techniques. The results obtained from the NS2-based simulations of the proposed techniques show that the techniques can detect attacks
Keywords :
Internet; telecommunication security; telecommunication traffic; IP header; Internet; average distance estimation; distance-based traffic separation; distributed denial of service; flooding-based DDoS attacks; time- to-live value; traffic arrival rates; Communication system traffic control; Communications Society; Complex networks; Computer crime; Distributed computing; Law; Network topology; Telecommunication traffic; Traffic control; Web and internet services;
Conference_Titel :
Communications, 2007. ICC '07. IEEE International Conference on
Conference_Location :
Glasgow
Print_ISBN :
1-4244-0353-7
DOI :
10.1109/ICC.2007.208
