Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Resisting SYN flood DoS attacks with a SYN cache
BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Defending against flooding-based distributed denial-of-service attacks: a tutorial
IEEE Communications Magazine
IEEE Transactions on Parallel and Distributed Systems
Hi-index | 0.00 |
Spoofing source IP addresses is always utilized to perform Distributed Denial-of-Service (DDoS) attacks. Most of current detection and prevention methods against DDoS ignore the innocent side, whose IP is utilized as the spoofed IP by the attacker. In this paper, a novel method has been proposed to against the direct DDoS attacks, which consists of two components: the client detector and the server detector. The cooperation of those two components and their interactive behavior lead to an early stage detection of a DDoS attack. From the result of experiments, the approach presented in this paper yields accurate DDoS alarms at early stage. Furthermore, such approach is insensitive to the false suspect alarms with adopted evaluation functions.