A new way to detect DDoS attacks within single router

A new way to detect DDoS attacks within single router

Different from other research work focusing on network-wide traffic, the traffic we focus on for analysis is that of a traffic state viewed from a router¿s interior. In this paper, at first, a kind of Port-to-Port traffic in a router is introduced, which we call IF flow. IF flows can amplify the rat...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Ruoyu Yan, Qinghua Zheng, Guolin Niu, Sheng Gao
Format: Tagungsbericht
Sprache:eng
Schlagworte:
anomaly detection
Computer crime
Computer science
distributed denial of service
Filters
History
Large-scale systems
Least squares methods
recursive least square
Resonance light scattering
router-wide traffic analysis
Statistical distributions
Telecommunication traffic
Web and internet services
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Different from other research work focusing on network-wide traffic, the traffic we focus on for analysis is that of a traffic state viewed from a router¿s interior. In this paper, at first, a kind of Port-to-Port traffic in a router is introduced, which we call IF flow. IF flows can amplify the ratio of attack traffic to normal traffic. Then RLS (recursive least square) filter is used to predict IF flows. After that, a statistical method using residual filtered process is proposed to detect anomalies. Finally we respectively apply the method to three types of traffics: IF flows, input links and output links within a router, and compare the anomaly detection results using ROC curves. Results show that IF flows are more powerful than input links and output links in DDoS attacks detection.
DOI:10.1109/ICCS.2008.4737371