A Flooding-Based DoS/DDoS Detecting Algorithm Based on Traffic Measurement and Prediction

  • Conference paper
Advances in Information and Computer Security (IWSEC 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4266)

Abstract

This paper analyzes the features of flooding-based DoS/DDoS attack traffic and proposes a novel real-time algorithm for detecting such attacks. To shorten the detection delay, short-term traffic prediction is introduced, and the predicted values are used in the detection process. Although we use real-time traffic data to calculate the mean and variance, only a few periods of data need to be stored because the algorithm is a recurring process, so it occupies little storage space. Moreover, the complexity and cost of the recurring process are lower than those of calculating over the whole sequence, so the load on the server does not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach can also deal with DDoS attacks in which the zombies do not start simultaneously.

This work is supported by the NSFC (National Natural Science Foundation of China – under Grant 60403028), NSFS (Natural Science Foundation of Shaanxi – under Grant 2004F43), and Natural Science Foundation of Electronic and Information Engineering School, Xi’an Jiaotong University.
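The idea in the abstract, a recursively updated mean and variance combined with a short-term forecast that can raise the alarm one period early, can be sketched as follows. This is an added illustration and not the paper's algorithm, whose formulas are not given on this page. Assumptions: an exponentially weighted mean/variance as the recursion, a smoothed first difference as the predictor, the parameters `alpha`, `beta`, `k` and `warmup`, and the constructed traffic series.

```python
import math

class FloodDetector:
    """Recursive baseline plus one-step forecast; five floats of state, no stored history."""
    def __init__(self, alpha=0.1, beta=0.5, k=4.0, warmup=10, predict=True):
        self.alpha, self.beta, self.k = alpha, beta, k   # assumed parameters
        self.warmup, self.predict = warmup, predict
        self.n = 0                      # samples absorbed into the baseline
        self.mean = self.var = self.trend = 0.0
        self.prev = None

    def update(self, x):
        """Feed one period's packet count; return None, 'predicted' or 'measured'."""
        if self.prev is None:           # first sample seeds the state
            self.prev = self.mean = float(x)
            self.n = 1
            return None
        # Smoothed first difference, used to forecast the next period.
        self.trend += self.beta * ((x - self.prev) - self.trend)
        self.prev = x
        forecast = x + self.trend
        limit = self.mean + self.k * math.sqrt(self.var)
        verdict = None
        if self.n >= self.warmup:       # no alarms until a baseline exists
            if x > limit:
                verdict = "measured"
            elif self.predict and forecast > limit:
                verdict = "predicted"
        if verdict is None:             # freeze the baseline while alarming
            d = x - self.mean
            self.mean += self.alpha * d
            self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
            self.n += 1
        return verdict

# Constructed sample: 40 periods of 95..105 packets, then a flood ramp.
BASELINE = [95 + (7 * i) % 11 for i in range(40)]
TRAFFIC = BASELINE + [111, 125, 200, 400]

def run(traffic, **kw):
    det = FloodDetector(**kw)
    return [det.update(x) for x in traffic]

if __name__ == "__main__":
    for name, kw in (("with prediction", {}), ("measured only", {"predict": False})):
        res = run(TRAFFIC, **kw)
        first = next(i for i, v in enumerate(res) if v)
        print(f"{name}: first alarm at period {first} ({res[first]})")
```

Freezing the baseline while an alarm is active keeps flood traffic from inflating the mean and variance it is being compared against; without prediction, the first ramp sample is absorbed into the baseline and raises the limit before the alarm fires.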




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yi, S., Xinyu, Y., Huijun, Z. (2006). A Flooding-Based DoS/DDoS Detecting Algorithm Based on Traffic Measurement and Prediction. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds) Advances in Information and Computer Security. IWSEC 2006. Lecture Notes in Computer Science, vol 4266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908739_18

  • DOI: https://doi.org/10.1007/11908739_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-47699-3

  • Online ISBN: 978-3-540-47700-6

  • eBook Packages: Computer Science, Computer Science (R0)
