This work-in-progress paper presents an ensemble-based model for detecting and mitigating Distributed Denial-of-Service (DDoS) attacks, and its partial implementation. The model utilises network traffic analysis and MIB (Management Information Base) server load analysis features for detecting a wide range of network and application layer DDoS attacks and distinguishing them from Flash Events. The proposed model will be evaluated against realistic synthetic network traffic generated using a software-based traffic generator that we have developed as part of this research. In this paper, we summarise our previous work, highlight the current work being undertaken along with preliminary results obtained and outline the future directions of our work.