A SIP-TRW algorithm for DDoS attack detection in SIP environments

  • Authors: Sung-Yeol Yun; Cheol-Joong Kim; Do-Yoon Ha; Hyun-Cheol Jeong; Seok Cheon Park

  • Affiliations: Kyungwon University, Seongnam, Gyeonggi-do, Korea; Kyungwon University, Seongnam, Gyeonggi-do, Korea; Korea Internet & Security Agency, Seoul, Korea; Korea Internet & Security Agency, Seoul, Korea; Kyungwon University, Seongnam, Gyeonggi-do, Korea

  • Venue: Proceedings of the 4th International Conference on Ubiquitous Information Management and Communication
  • Year: 2010

Abstract

While there are many ongoing research efforts on Denial-of-Service (DoS) attacks in the general Internet environment, there is insufficient research on voice networks. In this paper, we present the design and evaluation of a SIP-TRW algorithm for detecting DDoS attack traffic in VoIP networks. We analyzed existing TRW algorithms for detecting DDoS attacks on the Internet. To apply these algorithms to voice networks, we designed connection establishment and release processes and defined the probability function. To verify the proposed algorithm, we determined the threshold value and defined the variables for the virtual traffic and the environment. Numerical results from the equation showed that there is a 70% probability that the connection will break. They also showed that attacks will be detected within 1.2 seconds when the attack rate is 10 packets per second, and within 0.5 seconds when the rate is 20 packets per second. We used NS-2 simulators to measure the detection ratio by attack traffic type and the detection time by attack speed. The results showed that detection took 4.3 seconds when one INVITE packet was sent every 0.1 seconds. The proposed algorithm detected 13280 out of 15000 different attack types, resulting in an 89% detection ratio.