A Heuristic DDoS Flooding Attack Detection Mechanism Analyses based on the Relationship between Input and Output Traffic Volumes

Author

Fengxiang, Zhang ; Abe, Shunji

Author_Institution

Graduate Univ. for Adv. Studies, Tokyo

fYear

2007

fDate

13-16 Aug. 2007

Firstpage

798

Lastpage

802

Abstract

Nowadays various kinds of anomalies are prohibiting the widely used Internet from offering normal services. Within them a novel anomaly is caused by bandwidth attacks. To defense these threats many detecting schemes are essentially based on unidirectional checking of traffic changes. When legitimately abrupt changes appear, they might result in false alarms. In this paper we consider the problem from the bidirectional-traffic view and analyze the traffic characteristics by checking the input/output traffic characteristics of the protected network node. We have analyzed the relationship between input and output traffic volume pairs in the simulation traffic and studied them both under normal and abnormal cases. Based on these analyses, we´ve proposed a heuristic DDoS flooding attack detection method and showed a verifying simulation as well.

Keywords

Internet; telecommunication security; telecommunication traffic; Internet; bidirectional-traffic view; distributed denial of service; heuristic DDoS flooding attack detection mechanism input traffic volumes; output traffic volumes; protected network node; traffic characteristics; Analytical models; Bit rate; Computer crime; Face detection; Floods; Informatics; Telecommunication traffic; Traffic control; Web and internet services; Web server; Anomaly detection; DDoS flooding; Input-output traffic proportion; legitimately abrupt change;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Communications and Networks, 2007. ICCCN 2007. Proceedings of 16th International Conference on

Conference_Location

Honolulu, HI

ISSN

1095-2055

Print_ISBN

978-1-4244-1251-8

Electronic_ISBN

1095-2055

Type

conf

DOI

10.1109/ICCCN.2007.4317915

Filename

4317915