Monitoring the Macroscopic Effect of DDoS Flooding Attacks
- 21 November 2005
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Dependable and Secure Computing
- Vol. 2 (4), 324-335
- https://doi.org/10.1109/tdsc.2005.50
Abstract
Creating defenses against flooding-based, distributed denial-of-service (DDoS) attacks requires real-time monitoring of network-wide traffic to obtain timely and significant information. Unfortunately, continuously monitoring network-wide traffic for suspicious activities presents difficult challenges because attacks may arise anywhere at any time and because attackers constantly modify attack dynamics to evade detection. In this paper, we propose a method for early attack detection. Using only a few observation points, our proposed method can monitor the macroscopic effect of DDoS flooding attacks. We show that such macroscopic-level monitoring might be used to capture shifts in spatial-temporal traffic patterns caused by various DDoS attacks and then to inform more detailed detection systems about where and when a DDoS attack possibly arises in transit or source networks. We also show that such monitoring enables DDoS attack detection without any traffic observation in the victim network.
This publication has 28 references indexed in Scilit:
- Inferring Internet denial-of-service activity. ACM Transactions on Computer Systems, 2006
- Long-range dependence: ten years of Internet traffic modeling. IEEE Internet Computing, 2004
- Large scale cross-correlations in Internet traffic. Physical Review E, 2002
- Exploring collective dynamics in communication networks. Journal of Research of the National Institute of Standards and Technology, 2002
- Spectra and eigenvectors of scale-free networks. Physical Review E, 2001
- On the defense of the distributed denial of service attacks: an on-off feedback control approach. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, 2001
- Practical network support for IP traceback. ACM SIGCOMM Computer Communication Review, 2000
- Self-similarity in World Wide Web traffic: evidence and possible causes. IEEE/ACM Transactions on Networking, 1997
- Wide area traffic: the failure of Poisson modeling. IEEE/ACM Transactions on Networking, 1995
- End-to-end arguments in system design. ACM Transactions on Computer Systems, 1984