A resource utilization measurement detection against DDoS attacks

Abstract

We has proposed a DDoS detection combining rule-based and anomaly-based scheme, in which three types of system resource usage are examined. We first analyze the performance of the proposed system under the conditions imposed by both of the normal traffic and the TFN2K attack. Secondly, we find the minimum cost, such as the saturation time and critical point, for attack traffic to saturate the victim. Thirdly, a thorough investigation on comparison of the proposed scheme and the other well-known schemes is presented. Our analysis and experiments demonstrate that the proposed scheme along with ANOVA can work very well with suitable combination and fine tuning of threshold value.