Title :
Detecting distributed denial-of-service attack traffic by statistical test
Author_Institution :
Dept. of Inf. Manage., Nat. Pingtung Inst. of Commerce, Pingtung
Abstract :
This study proposes a new detection method for DDoS attack traffic based on a statistical test. We first investigate the statistics of the SYN arrival rate and find that the SYN arrival rate can be modeled by a normal distribution. We set up a threshold for the maximum arrival rate to detect DDoS flood traffic. We also establish a threshold for the incomplete three-way handshaking packet ratio to detect possible DDoS traffic. The experimental results show that the possibilities of both false positives and false negatives are very low. The proposed mechanism is demonstrated to have the capability of detecting DDoS attacks accurately.
Keywords :
normal distribution; security of data; statistical testing; telecommunication security; telecommunication traffic; SYN arrival rate; distributed denial-of-service attack traffic detection; normal distribution; statistical testing; three-way handshaking packet ratio; Business; Computer crime; Floods; Gaussian distribution; Information management; Protocols; TCPIP; Telecommunication traffic; Testing; Traffic control;
Conference_Title :
Communications and Networking in China, 2008. ChinaCom 2008. Third International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-1-4244-2373-6
Electronic_ISBN :
978-1-4244-2374-3
DOI :
10.1109/CHINACOM.2008.4685254