Creating defenses against flooding-based, distributed denial-of-service (DDoS) attacks requires real-time monitoring of network-wide traffic to obtain timely and significant information. Unfortunately, continuously monitoring network-wide traffic for suspicious activities presents difficult challenges because attacks may arise anywhere at any time and because attackers constantly modify attack dynamics to evade detection. In this paper, we propose a method for early attack detection. Using only a few observation points, our proposed method can monitor the macroscopic effect of DDoS flooding attacks. We show that such macroscopic-level monitoring might be used to capture shifts in spatial-temporal traffic patterns caused by various DDoS attacks and then to inform more detailed detection systems about where and when a DDoS attack possibly arises in transit or source networks. We also show that such monitoring enables DDoS attack detection without any traffic observation in the victim network.