Research on the Active DDoS Filtering Algorithm Based on IP Flow

Author

Feng, Yifu ; Guo, Rui ; Wang, Dongqi ; Zhang, Bencheng

Author_Institution

Jilin Normal Univ., Siping, China

Volume

4

fYear

2009

fDate

14-16 Aug. 2009

Firstpage

628

Lastpage

632

Abstract

Distributed denial-of-service flooding attacks against public web servers are increasingly common. It is impossible for the victim servers to work on the individual level of on-going traffic flows. The scheme establishes IP Flow which is used to select proper features for DDoS detection. Five features are analyzed by the experiments. The IP flow statistics is mainly used to allocate the weights for traffic routing by routers. A new algorithm is thus proposed to get efficiently maximum throughput by the traffic filtering, and its feasibility and validity have been verified in real network circumstances. The algorithm shows its advantages that it is with high average detection and with low false alarm and miss alarm. Moreover, it can optimize the network traffic simultaneously with defending against DDoS attack, thus eliminating efficiently the global burst of traffic arising from normal traffic so as to improve greatly the efficiency of servers.

Keywords

security of data; telecommunication traffic; DDoS detection; DDoS filtering algorithm; IP flow statistics; distributed denial-of-service flooding attacks; network traffic; public web servers; traffic routing; Computer crime; Computer vision; Filtering algorithms; Floods; Network servers; Routing; Statistics; Telecommunication traffic; Throughput; Web server; DDoS attack; Genetic algorithm; IP Flow statistics;

fLanguage

English

Publisher

ieee

Conference_Titel

Natural Computation, 2009. ICNC '09. Fifth International Conference on

Conference_Location

Tianjin

Print_ISBN

978-0-7695-3736-8

Type

conf

DOI

10.1109/ICNC.2009.550

Filename

5363277