In a Distributed Denial-of-Service (DDoS) attack, an attacker breaks into many innocent computers (called zombies). The attacker then sends a large number of packets from the zombies to a server to prevent it from conducting normal business operations. We design a DDoS-detection system based on a decision-tree technique that, after detecting an attack, traces back to the attacker's locations with a traffic-flow pattern-matching technique. Our system could detect DDoS attacks with a false positive ratio of about 1.2-2.4% and a false negative ratio of about 2-10%, and find the attack paths in traceback with a false negative rate of 8-12% and a false positive rate of 12-14%.