Graphical models for machine learning and digital communication
Graphical models for machine learning and digital communication
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
Perimeter-Based Defense against High Bandwidth DDoS Attacks
IEEE Transactions on Parallel and Distributed Systems
DDoS Attack Detection Algorithm Using IP Address Features
FAW '09 Proceedings of the 3d International Workshop on Frontiers in Algorithmics
Trust based traffic monitoring approach for preventing denial of service attacks
Proceedings of the 2nd international conference on Security of information and networks
Secured and trusted three-tier grid architecture
International Journal of Ad Hoc and Ubiquitous Computing
DDoS flooding attack detection scheme based on F-divergence
Computer Communications
Hi-index | 0.00 |
In recent years, distributed denial of service (DDoS) attacks have become a major security threat to Internet services. How to detect and defend against DDoS attacks is currently a hot topic in both industry and academia. In this paper, we propose a novel framework to robustly and efficiently detect DDoS attacks and identify attack packets. The key idea of our framework is to exploit spatial and temporal correlation of DDoS attack traffic. In this framework, we design a perimeter-based anti-DDoS system, in which traffic is analyzed only at the edge routers of an internet service provider (ISP) network. Our framework is able to detect any source-address-spoofed DDoS attack, no matter whether it is a low-volume attack or a high-volume attack. The novelties of our framework are (1) temporal-correlation based feature extraction and (2) spatial-correlation based detection. With these techniques, our scheme can accurately detect DDoS attacks and identify attack packets without modifying existing IP forwarding mechanisms at routers. Our simulation results show that the proposed framework can detect DDoS attacks even if the volume of attack traffic on each link is extremely small. Especially, for the same false alarm probability, our scheme has a detection probability of 0.97, while the existing scheme has a detection probability of 0.17, which demonstrates the superior performance of our scheme.