Title :
Monitoring the macroscopic effect of DDoS flooding attacks
Author :
Yuan, Jian ; Mills, Kevin
Author_Institution :
Dept. of Electron. Eng., Tsinghua Univ., Beijing, China
Abstract :
Creating defenses against flooding-based, distributed denial-of-service (DDoS) attacks requires real-time monitoring of network-wide traffic to obtain timely and significant information. Unfortunately, continuously monitoring network-wide traffic for suspicious activities presents difficult challenges because attacks may arise anywhere at any time and because attackers constantly modify attack dynamics to evade detection. In this paper, we propose a method for early attack detection. Using only a few observation points, our proposed method can monitor the macroscopic effect of DDoS flooding attacks. We show that such macroscopic-level monitoring might be used to capture shifts in spatial-temporal traffic patterns caused by various DDoS attacks and then to inform more detailed detection systems about where and when a DDoS attack possibly arises in transit or source networks. We also show that such monitoring enables DDoS attack detection without any traffic observation in the victim network.
Keywords :
monitoring; security of data; telecommunication security; telecommunication traffic; DDoS flooding attacks; flooding-based distributed denial-of-service; macroscopic-level monitoring; Computer crime; Floods; IP networks; Information filtering; Information filters; Internet; Milling machines; Monitoring; Protocols; Telecommunication traffic; Index Terms: DDoS attack; attack dynamics; monitoring; network traffic; spatial-temporal pattern
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2005.50