A novel approach to detecting DDoS Attacks at an Early Stage

Authors:
Bin Xiao;Wei Chen;Yanxiang He
Affiliations:
Department of Computing, The Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong;Computer School, The State Key Lab of Software Engineering, Wuhan University, Wuhan, China 430072;Computer School, The State Key Lab of Software Engineering, Wuhan University, Wuhan, China 430072
Venue:
The Journal of Supercomputing
Year:
2006

Citing 13
Cited 1

Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
SOS: secure overlay services

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Attacking DDoS at the Source

ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Using graphic turing tests to counter automated DDoS attacks against web servers

Proceedings of the 10th ACM conference on Computer and communications security
Hop-count filtering: an effective defense against spoofed DDoS traffic

Proceedings of the 10th ACM conference on Computer and communications security
New client puzzle outsourcing techniques for DoS resistance

Proceedings of the 11th ACM conference on Computer and communications security
Mitigating bandwidth-exhaustion attacks using congestion puzzles

Proceedings of the 11th ACM conference on Computer and communications security
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine
SOS: an architecture for mitigating DDoS attacks

IEEE Journal on Selected Areas in Communications
IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks

IEEE Transactions on Parallel and Distributed Systems

Collaborative Framework for Detection, Prevention, and Traceback of Flooding Attacks Using Marking and Filtering

Information Security Journal: A Global Perspective

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed Denial-of-Service (DDoS) attacks pose a serious threat to Internet security. Most current research focuses on detection and prevention methods on the victim server or source side. To date, there has been no work on defenses using valuable information from the innocent client whose IP has been used in attacking packets. In this paper, we propose a novel cooperative system for producing warning of a DDoS attack. The system consists of a client detector and a server detector. The client detector is placed on the innocent client side and uses a Bloom filter-based detection scheme to generate accurate detection results yet consumes minimal storage and computational resources. The server detector can actively assist the warning process by sending requests to innocent hosts. Simulation results show that the cooperative technique presented in this paper can yield accurate DDoS alarms at an early stage. We theoretically show the false alarm probability of the detection scheme, which is insensitive to false alarms when using specially designed evaluation functions.