DDoS Attack Detection

Part of the book series: SpringerBriefs in Computer Science (BRIEFSCOMPUTER)

Abstract

In this chapter, we study detection methods for DDoS attacks, covering feature-based detection methods, network-traffic-based detection methods, and detection of attacks that mimic legitimate network events. Each detection method is mathematically modelled to support possible further work in the field.

Copyright information

© 2014 The Author(s)

About this chapter

Cite this chapter

Yu, S. (2014). DDoS Attack Detection. In: Distributed Denial of Service Attack and Defense. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9491-1_3

  • DOI: https://doi.org/10.1007/978-1-4614-9491-1_3

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-9490-4

  • Online ISBN: 978-1-4614-9491-1

  • eBook Packages: Computer Science, Computer Science (R0)
