Abstract
This paper analyzed the features of flooding-based DoS/DDoS attack traffic and proposed a novel real-time algorithm for detecting such attacks. To shorten the detection delay, short-term traffic prediction was introduced, and the predicted values were used in the detection process. Although we use real-time traffic data to calculate the mean and variance, only a few periods of data need to be stored because the algorithm is a recursive process, so it occupies little storage space. Moreover, the complexity and cost of the recursive process are lower than those of calculating over the whole sequence, so the load on the server does not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach can also deal with DDoS attacks in which the zombies do not start simultaneously.
This work is supported by the NSFC (National Natural Science Foundation of China – under Grant 60403028), NSFS (Natural Science Foundation of Shaanxi – under Grant 2004F43), and Natural Science Foundation of Electronic and Information Engineering School, Xi’an Jiaotong University.
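The idea summarized in the abstract, a recursively updated mean/variance baseline combined with a one-step traffic forecast, can be sketched as follows. This is an added example, not the paper's algorithm or code: the normalized-LMS predictor, the mean + k*std threshold, all parameter values and the constructed traffic series are assumptions made for illustration.

```python
class FloodDetector:
    """Illustrative only: NLMS predictor and mean + k*std limit are assumptions."""

    def __init__(self, order=4, mu=0.1, k=4.0, warmup=20):
        self.order, self.mu, self.k, self.warmup = order, mu, k, warmup
        self.w = [1.0 / order] * order  # predictor starts as a moving average
        self.hist = []                  # only the last `order` periods are stored
        self.n, self.mean, self.m2 = 0, 0.0, 0.0  # recursive statistics

    def predict(self):
        return sum(w * v for w, v in zip(self.w, self.hist))

    def std(self):
        return (self.m2 / (self.n - 1)) ** 0.5 if self.n > 1 else 0.0

    def update(self, x):
        """Feed one period's traffic volume; return True if a flood is flagged."""
        if len(self.hist) == self.order:
            err = x - self.predict()    # error of the previous forecast
            norm = sum(v * v for v in self.hist) + 1e-9
            self.w = [w + self.mu * err * v / norm
                      for w, v in zip(self.w, self.hist)]
        self.hist = (self.hist + [x])[-self.order:]
        limit = self.mean + self.k * self.std()
        alarm = self.n >= self.warmup and max(x, self.predict()) > limit
        if not alarm:
            # Recursive (Welford) update: no past samples are needed, and
            # flagged periods are kept out of the baseline.
            self.n += 1
            delta = x - self.mean
            self.mean += delta / self.n
            self.m2 += delta * (x - self.mean)
        return alarm


def constructed_traffic(periods=80, start=60, flood=0, ramp=0):
    """Constructed sample: ~100 units/period with small deterministic jitter."""
    base = [100 + (i * 7 % 11) - 5 for i in range(periods)]
    return [b + (flood + ramp * (i - start + 1) if i >= start else 0)
            for i, b in enumerate(base)]


def first_alarm(series):
    det = FloodDetector()
    for i, x in enumerate(series):
        if det.update(x):
            return i
    return None
```

Calling first_alarm(constructed_traffic(flood=500)) models a simultaneous flood, while constructed_traffic(ramp=10) models attack sources that join gradually.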
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yi, S., Xinyu, Y., Huijun, Z. (2006). A Flooding-Based DoS/DDoS Detecting Algorithm Based on Traffic Measurement and Prediction. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds) Advances in Information and Computer Security. IWSEC 2006. Lecture Notes in Computer Science, vol 4266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908739_18
DOI: https://doi.org/10.1007/11908739_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47699-3
Online ISBN: 978-3-540-47700-6
eBook Packages: Computer Science (R0)