One step ahead to multisensor data fusion for DDoS detection
Journal of Computer Security - Special issue on security track at ACM symposium on applied computing 2004
A novel packet header visualization methodology for network anomaly detection
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
FireCol: a collaborative protection network for the detection of flooding DDoS attacks
IEEE/ACM Transactions on Networking (TON)
| Hi-index | 0.00 |
Network traffic anomalies such as distributed denial of service attacks or the propagation of a new worm are hard to detect on noncongested ISP backbone links. The research community hasn't managed to offer reliable detection metrics that can be implemented with the current technology constraints to network administrators yet. In this work we explore and evaluate the effectiveness of several potential heuristics in detecting flooding attacks. Our observations are based on a daily network traffic analysis for a period longer than 3 months and on more than 40 experiments that were conducted with the use of common DDoS tools in the production network of an academic ISP. The data analyzed are based on different types of passive measurements that are available today to ISP's. We identify multiple effective detection metrics that could give network administrators insight to malicious activities passing through their networks.