DocumentCode :
2290921
Title :
DiDDeM: a system for early detection of TCP SYN flood attacks
Author :
Haggerty, J. ; Berry, T. ; Shi, Q. ; Merabti, M.
Author_Institution :
Sch. of Comput. & Math. Sci., Liverpool John Moores Univ., UK
Volume :
4
fYear :
2004
fDate :
29 Nov.-3 Dec. 2004
Firstpage :
2037
Abstract :
This paper presents the distributed denial-of-service detection mechanism (DiDDeM) system for early detection of denial-of-service attacks. The design requirements of the system are posited to demonstrate the requirements for an early detection system. An overview of the system is presented to show how these requirements are met. DiDDeM provides a two-tier detection approach. First, pre-filters (PFs) filter traffic for possible attacks. This is achieved through the application of both stateful and stateless signatures utilising routing congestion algorithms. Second, command and control (C2) servers provide intra- and inter-domain co-operation and response to contain an attack within the routing infrastructure. The results for stateful and stateless signature detection of TCP SYN flood attacks are presented.
Keywords :
routing protocols; telecommunication congestion control; telecommunication security; transport protocols; DiDDeM; TCP SYN flood attacks; command and control servers; denial-of-service attacks; distributed denial-of-service detection mechanism; flood attack early detection system; inter-domain cooperation; intra-domain cooperation; routing congestion algorithms; stateful signature detection; stateless signature detection; traffic pre-filtering; Command and control systems; Computer crime; Counting circuits; Distributed computing; Floods; Intrusion detection; Monitoring; Routing; Telecommunication traffic; Traffic control;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE
Print_ISBN :
0-7803-8794-5
Type :
conf
DOI :
10.1109/GLOCOM.2004.1378370
Filename :
1378370