A prediction-based detection algorithm against distributed denial-of-service attacks
作者: Guoxing Zhang , Shengming Jiang , Gang Wei , Quansheng Guan
关键词:
摘要: Denial-of-Service (DoS) attacks especially distributed DoS (DDoS) have become significant and increasing threats to the Internet. Huge efforts from both academia industry been made on detection defense of DDoS attacks. However, most schemes do not directly aim at protecting victim itself (e.g., servers) but attack sources or intermediate network units. Although locating identifying attacking are critical stop for legal procedure, rapid efficient predicting happen in server is more important reduce damage caused by even prevent happening. this part has addressed sufficiently literature. In paper, we first briefly review research attacks, then discuss a method define quantify severs based available service rates. This because often direct one-point failure entire system. No matter whether there undergoing, if sever overloaded normal requests, effect imposed system equivalent that A prediction rate protected proposed, which applies Auto Regressive Integrated (ARIMA) model. Finally, investigate proposed predict through simulation studies with NS2. The results show algorithm effective
acm.org
sci-hub.se 参考文章(12)
D. Senie, P. Ferguson, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing RFC 2827-BCP 38. ,vol. 2267, pp. 1- 10 ,(1998)
S. Cheung, Denial of service against the Domain Name System ieee symposium on security and privacy. ,vol. 4, pp. 40- 45 ,(2006) , 10.1109/MSP.2006.10
Jelena Mirkovic, Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms acm special interest group on data communication. ,vol. 34, pp. 39- 53 ,(2004) , 10.1145/997150.997156
J. Mirkovic, P. Reiher, D-WARD: a source-end defense against flooding denial-of-service attacks IEEE Transactions on Dependable and Secure Computing. ,vol. 2, pp. 216- 232 ,(2005) , 10.1109/TDSC.2005.35
Alex C. Snoeren, Hash-based IP traceback Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications - SIGCOMM '01. ,vol. 31, pp. 3- 14 ,(2001) , 10.1145/383059.383060
A. Kuzmanovic, E.W. Knightly, Low-rate TCP-targeted denial of service attacks and counter strategies IEEE ACM Transactions on Networking. ,vol. 14, pp. 683- 696 ,(2006) , 10.1109/TNET.2006.880180
Yoohwan Kim, Wing Cheong Lau, Mooi Choo Chuah, H.J. Chao, PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks IEEE Transactions on Dependable and Secure Computing. ,vol. 3, pp. 141- 155 ,(2006) , 10.1109/TDSC.2006.25
H.R Nagesh, K. Chandra Sekaran, Adarsh Rao Kordcal, Proactive model for Mitigating Internet Denial-of-Service Attacks international conference on information technology. pp. 96- 101 ,(2007) , 10.1109/ITNG.2007.157
G. Carl, G. Kesidis, R.R. Brooks, Suresh Rai, Denial-of-service attack-detection techniques IEEE Internet Computing. ,vol. 10, pp. 82- 89 ,(2006) , 10.1109/MIC.2006.5
Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, Scott Shenker, Controlling high bandwidth aggregates in the network acm special interest group on data communication. ,vol. 32, pp. 62- 73 ,(2002) , 10.1145/571697.571724