Sciweavers

ICC
2007
IEEE

Detecting Flooding-Based DDoS Attacks

14 years 6 months ago
Detecting Flooding-Based DDoS Attacks
—A Distributed Denial of Service (DDoS) attack is widely regarded as a major threat for the current Internet because of its ability to create a huge volume of unwanted traffic. It is hard to detect and respond to DDoS attacks due to large and complex network environments. In this paper, we introduce two distance-based DDoS detection techniques: average distance estimation and distance-based traffic separation. They detect attacks by analyzing distance values and traffic rates. The distance information of a packet can be inferred from the Timeto-Live (TTL) value of the IP header. In the average distance estimation DDoS detection technique, the prediction of mean distance value is used to define normality. The prediction of traffic arrival rates from different distances is used in the distance-based traffic separation DDoS detection technique. The mean absolute deviation (MAD)-based deviation model provides the legal scope to separate the normality from the abnormality for both t...
Yonghua You, Mohammad Zulkernine, Anwar Haque
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ICC
Authors Yonghua You, Mohammad Zulkernine, Anwar Haque
Comments (0)