Title :
Protecting servers against DDoS attacks with improved source IP address monitoring scheme
Author :
Takada, H.H. ; Anzaloni, Takada Alessandro
Author_Institution :
Dept. of Telecommun., Aeronaut. Inst. of Technol., S. J. Dos Campos
Abstract :
DDoS attacks have caused severe damage to servers and are a great intimidation to the development of new services. Recently, a simple but robust detection system was proposed. The referred scheme is based on the monitoring of the source IP addresses of the incoming packets. However, it is possible to show that the proposed scheme is unable to identify correctly the end of an attack and a high variance in the measured statistic degrades its performance. In this paper, it is presented a detection algorithm to monitor the source IP addresses of the incoming packets. The new algorithm requires little calculations and it meets the requirement of real time detection. Simulations using both real and synthetic attacks proved that the improved system presents lower number of false positive alarms, is able to detect correctly the end of the attacks and to deal with high variances in the measured statistics
Keywords :
IP networks; network servers; security of data; telecommunication security; DDoS attack; detection algorithm; network server; source IP address monitoring scheme; Bandwidth; Computer crime; Degradation; Detection algorithms; Intrusion detection; Monitoring; Protection; Robustness; Statistical distributions; Statistics;
Conference_Titel :
Next Generation Internet Design and Engineering, 2006. NGI '06. 2006 2nd Conference on
Conference_Location :
Valencia
Print_ISBN :
0-7803-9455-0
Electronic_ISBN :
0-7803-9456-9
DOI :
10.1109/NGI.2006.1678236
