Protecting servers against DDoS attacks with improved source IP address monitoring scheme

Author

Takada, H.H. ; Anzaloni, Takada Alessandro

Author_Institution

Dept. of Telecommun., Aeronaut. Inst. of Technol., S. J. Dos Campos

fYear

0

fDate

0-0 0

Lastpage

159

Abstract

DDoS attacks have caused severe damage to servers and are a great intimidation to the development of new services. Recently, a simple but robust detection system was proposed. The referred scheme is based on the monitoring of the source IP addresses of the incoming packets. However, it is possible to show that the proposed scheme is unable to identify correctly the end of an attack and a high variance in the measured statistic degrades its performance. In this paper, it is presented a detection algorithm to monitor the source IP addresses of the incoming packets. The new algorithm requires little calculations and it meets the requirement of real time detection. Simulations using both real and synthetic attacks proved that the improved system presents lower number of false positive alarms, is able to detect correctly the end of the attacks and to deal with high variances in the measured statistics

Keywords

IP networks; network servers; security of data; telecommunication security; DDoS attack; detection algorithm; network server; source IP address monitoring scheme; Bandwidth; Computer crime; Degradation; Detection algorithms; Intrusion detection; Monitoring; Protection; Robustness; Statistical distributions; Statistics;

fLanguage

English

Publisher

ieee

Conference_Titel

Next Generation Internet Design and Engineering, 2006. NGI '06. 2006 2nd Conference on

Conference_Location

Valencia

Print_ISBN

0-7803-9455-0

Electronic_ISBN

0-7803-9456-9

Type

conf

DOI

10.1109/NGI.2006.1678236

Filename

1678236