A Heuristic DDoS Flooding Attack Detection Mechanism Analyses based on the Relationship between Input and Output Traffic Volumes
Authors: Fengxiang Zhang, S. Abe
Published in: 2007 16th International Conference on Computer Communications and Networks
Publication date: 2007-09-24
Publication type: Journal Article
DOI: 10.1109/ICCCN.2007.4317915 (https://doi.org/10.1109/ICCCN.2007.4317915)
Citation count: 6 (platform: Semanticscholar)
Nowadays various kinds of anomalies are preventing the widely used Internet from offering normal services. Among them, a novel anomaly is caused by bandwidth attacks. To defend against these threats, many detection schemes are essentially based on unidirectional checking of traffic changes. When legitimate abrupt changes appear, they might result in false alarms. In this paper we consider the problem from the bidirectional-traffic view and analyze the traffic characteristics by checking the input/output traffic characteristics of the protected network node. We have analyzed the relationship between input and output traffic volume pairs in the simulation traffic and studied them under both normal and abnormal cases. Based on these analyses, we have proposed a heuristic DDoS flooding attack detection method and shown a verifying simulation as well.