A DoS/DDoS Attacks Detection Scheme Based on In/Out Traffic Proportion
Abstract
Denial of Service (DoS)/Distributed DoS (DDoS) attacks have become the most prevalent threats against the widely used Internet. The goal of DoS/DDoS attacks is to prevent victim machines or networks from offering service to their legitimate users. Many detection mechanisms based on traffic statistics properties have been proposed. However, most of them are essentially based on unidirectional traffic changes. Thus they might result in serious false alarms when legitimate abrupt changes appear. We have proposed a heuristic detection scheme, which mainly checks the In/Out traffic proportion at the protected node's gateway or the router nearby. In normal cases, this kind of proportion is close to a constant value. By checking the likelihood ratio of the proportion distribution between two adjacent periods, we are able to find anomalous changes. After comprehensively considering feasibility and practicability, we have constructed an anomaly detection scheme based on in/out traffic proportion, aimed directly at the significant targets on the Internet.
- Paper of the Information Processing Society of Japan
- 2006-01-19
Authors
- Abe Shunji
  National Inst. Informatics Tokyo Jpn
- ZHANG Fengxiang
  Department of Informatics Graduate University for Advanced Studies
Related papers
- Architectural Design of Next-Generation Science Information Network(Advanced Transfer Technologies for the Next Generation Network)
- A Traffic Decomposition and Prediction Method for Detecting and Tracing Network-Wide Anomalies
- Encouragement Talk: Two-level Mobile Routing System for IPv6 Network Mobility
- Entropy-based input-output traffic mode detection scheme for DoS/DDoS attacks (Network Systems)
- Traffic Characteristics of Assembled Burst Traffic for Optical Burst Switching Networks
- A DDoS flooding attack detection mechanism analyses based on the relationship between input and output traffic volumes (Network Systems)
- BS-10-10 An Edge Buffering Based Fast Restoration Scheme for Optical Burst Switching Networks(BS-10. Network Planning, Control, and Management)
- BS-10-20 An IP Packet Size Entropy-based Algorithm for Detection of DoS/DDoS Attacks(BS-10.Network Planning, Control, and Management,symposium)
- BS-8-1 An Advanced Timer-based Burst Assembly Algorithm with Traffic Shaping in Optical Burst Switching Networks(BS-8. Technology and Architecture for Ubiquitous Network Systems,ENGLISH SESSION)
- IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
- Detecting and tracing traffic volume anomalies in an academic network (Information Networks)
- BS-15-6 A Rescheduling Scheme for Providing Joint QoS in Optical Burst Switching Networks(BS-15.Network Planning, Control, and Management,ENGLISH SESSION)
- Traffic Analysis and Traffic-Smoothing Burst Assembly Methods for the Optical Burst Switching Network(Switching for Communications)
- BS-8-19 A Heuristic Scheme to Distinguish Legitimate Traffic from Attack Traffic in Networks Anomaly Detection(BS-8. Technology and Architecture for Ubiquitous Network Systems,ENGLISH SESSION)
- A DoS/DDoS Attacks Detection Scheme Based on In/Out Traffic Proportion