Use of IP addresses for high rate flooding attack detection
| Date(s) | 01/09/2010 |
|---|---|
| Abstract | High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof-of-concept implementation, we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a “white list” filter in a firewall as part of the mitigation strategy. |
| Format | application/pdf |
| Identifier | |
| Publisher | Springer |
| Relation | http://eprints.qut.edu.au/34395/1/c34395.pdf http://www.wcc2010.com/sec2010 Ahmed, Ejaz, Mohay, George M., Tickle, Alan, & Bhatia, Sajal (2010) Use of IP addresses for high rate flooding attack detection. In Proceedings of 25th International Information Security Conference (SEC 2010), Springer, Brisbane, Queensland. |
| Rights | Copyright 2010 [please consult the authors] |
| Source | Faculty of Science and Technology; Information Security Institute |
| Keywords | #100503 Computer Communications Networks #IP addresses #bit vector #bloom filter #cumulative sum |
| Type | Conference Paper |