Abstract
In this chapter, we study detection methods for DDoS attacks, covering feature-based detection methods, network-traffic-based detection methods, and detection of attacks that mimic legitimate network events. Each detection method is modelled mathematically to support readers' possible further work in the field.
© 2014 The Author(s)
About this chapter
Cite this chapter
Yu, S. (2014). DDoS Attack Detection. In: Distributed Denial of Service Attack and Defense. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9491-1_3
DOI: https://doi.org/10.1007/978-1-4614-9491-1_3
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-9490-4
Online ISBN: 978-1-4614-9491-1
eBook Packages: Computer Science, Computer Science (R0)