Statistical approaches to DDoS attack detection and response

The nature of the threats posed by distributed denial of service (DDoS) attacks on large networks, such as the Internet, demands effective detection and response methods. These methods must be deployed not only at the edge but also at the core of the network. This paper presents methods to identify D...

Bibliographic details
Main authors: Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.
Format: Conference proceedings
Language: eng
container_end_page 314 vol.1
container_issue
container_start_page 303
container_title
container_volume 1
creator Feinstein, L.
Schnackenberg, D.
Balupari, R.
Kindred, D.
description The nature of the threats posed by distributed denial of service (DDoS) attacks on large networks, such as the Internet, demands effective detection and response methods. These methods must be deployed not only at the edge but also at the core of the network. This paper presents methods to identify DDoS attacks by computing entropy and frequency-sorted distributions of selected packet attributes. The DDoS attacks show anomalies in the characteristics of the selected packet attributes. The detection accuracy and performance are analyzed using live traffic traces from a variety of network environments ranging from points in the core of the Internet to those inside an edge network. The results indicate that these methods can be effective against current attacks and suggest directions for improving detection of more stealthy attacks. We also describe our detection-response prototype and how the detectors can be extended to make effective response decisions.
doi_str_mv 10.1109/DISCEX.2003.1194894
format Conference Proceeding
fulltext fulltext_linktorsrc
identifier ISBN: 9780769518978
ispartof Proceedings DARPA Information Survivability Conference and Exposition, 2003, Vol.1, p.303-314 vol.1
issn
language eng
recordid cdi_ieee_primary_1194894
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Computer crime
Computer networks
Distributed computing
Entropy
Frequency
IP networks
Performance analysis
Prototypes
Telecommunication traffic
Web and internet services
title Statistical approaches to DDoS attack detection and response
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-18T05%3A54%3A58IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Statistical%20approaches%20to%20DDoS%20attack%20detection%20and%20response&rft.btitle=Proceedings%20DARPA%20Information%20Survivability%20Conference%20and%20Exposition&rft.au=Feinstein,%20L.&rft.date=2003&rft.volume=1&rft.spage=303&rft.epage=314%20vol.1&rft.pages=303-314%20vol.1&rft.isbn=9780769518978&rft.isbn_list=0769518974&rft_id=info:doi/10.1109/DISCEX.2003.1194894&rft_dat=%3Cieee_6IE%3E1194894%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1194894&rfr_iscdi=true