A Flooding-Based DoS/DDoS Detecting Algorithm Based on Traffic Measurement and Prediction

  • Conference paper
Advances in Information and Computer Security (IWSEC 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4266)

Abstract

This paper analyzes the features of flooding-based DoS/DDoS attack traffic and proposes a novel real-time algorithm for detecting such attacks. To shorten the detection delay, short-term traffic prediction is introduced, and the predicted values are used in the detection process. Although real-time traffic data is used to calculate the mean and variance, few periods of data need to be stored because the algorithm is a recurring process, so it occupies little storage space. Moreover, the complexity and cost of the recurring process are lower than those of calculating over the whole sequence, so the load on the server does not increase much. Although our research focuses on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach can also deal with DDoS attacks in which the zombies do not start simultaneously.

This work is supported by the NSFC (National Natural Science Foundation of China – under Grant 60403028), NSFS (Natural Science Foundation of Shaanxi – under Grant 2004F43), and Natural Science Foundation of Electronic and Information Engineering School, Xi’an Jiaotong University.

© 2006 Springer-Verlag Berlin Heidelberg

Cite this paper

Yi, S., Xinyu, Y., Huijun, Z. (2006). A Flooding-Based DoS/DDoS Detecting Algorithm Based on Traffic Measurement and Prediction. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds) Advances in Information and Computer Security. IWSEC 2006. Lecture Notes in Computer Science, vol 4266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908739_18
