A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction

  • Authors: Shi Yi; Yang Xinyu; Zhu Huijun

  • Affiliations: Dept. Computer Science & Technology, Xi'an Jiaotong University, Xi'an, P.R.C. (all three authors)

  • Venue: IWSEC'06 Proceedings of the 1st international conference on Security
  • Year: 2006

Abstract

This paper analyzed the features of flooding-based DoS/DDoS attack traffic and proposed a novel real-time algorithm for detecting such DoS/DDoS attacks. To shorten the detection delay, short-term traffic prediction was introduced, and the predicted values were used in the detection process. Although we use real-time traffic data to calculate the mean and variance, only a few periods of data need to be stored because the algorithm is a recurring process, so little storage space is occupied. Moreover, the complexity and cost of the recurring process are lower than those of calculating over the whole sequence, so the load on the server would not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach can also deal with DDoS attacks in which the zombies do not start simultaneously.