• DocumentCode
    3525758
  • Title

    Detecting distributed denial-of-service attack traffic by statistical test

  • Author

    Chen, Chin-Ling

  • Author_Institution
    Dept. of Inf. Manage., Nat. Pingtung Inst. of Commerce, Pingtung
  • fYear
    2008
  • fDate
    25-27 Aug. 2008
  • Firstpage
    1253
  • Lastpage
    1257
  • Abstract
    This study has proposed a new detection method for DDoS attack traffic based on statistical test. We first investigate the statistics of SYN arrival rate and find that SYN arrival rate can be can be modeled by normal distribution. We set up a threshold for maximum arrival rate to detect DDoS flood traffic. We also establish a threshold for incomplete three-way handshaking packet ratio to detect possible DDoS traffic. The experiment results show that the possibilities of both false positives and false negatives are very low. The proposed mechanism is demonstrated to have the capability of detecting DDoS attack accurately.
  • Keywords
    normal distribution; security of data; statistical testing; telecommunication security; telecommunication traffic; SYN arrival rate; distributed denial-of-service attack traffic detection; normal distribution; statistical testing; three-way handshaking packet ratio; Business; Computer crime; Floods; Gaussian distribution; Information management; Protocols; TCPIP; Telecommunication traffic; Testing; Traffic control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications and Networking in China, 2008. ChinaCom 2008. Third International Conference on
  • Conference_Location
    Hangzhou
  • Print_ISBN
    978-1-4244-2373-6
  • Electronic_ISBN
    978-1-4244-2374-3
  • Type

    conf

  • DOI
    10.1109/CHINACOM.2008.4685254
  • Filename
    4685254
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3525758