Available Bandwidth Estimation and its Application in Detection of DDoS Attacks
Detection of Distributed Denial of Service (DDoS) attacks over the Internet is crucial for many Internet applications, such as electronic commerce, network games, P2P, etc. Based on anomaly detection information, network route selection, Quality of Service (QoS) provision, and traffic engineering can be performed to bypass the abnormal areas or to immigrate the attack traffic. To detect the DDoS attacks in networks outside manageable areas, we need to send probing packets. This paper first surveys the existing available bandwidth estimation tools (ABETs) and divides them into two categories. Most ABETs can measure the available bandwidth of a path over networks, and provide knowledge about the tight link of the path. This paper then presents a method using the ABETs and the bottleneck localization tools to estimate total available bandwidth inside a network from the network edge without additional cooperation of the edge or core routers. The method continuously measures the network bandwidth. The measurement results are then used to detect whether DDoS attacks appear by a special cumulative sum (CUSUM) algorithm. Simulations verified the efficiency of the network available bandwidth measurement method and the detection algorithm.
Li He Binhua Tang Shunzheng Yu
Department of Electronic and Communication Engineering,Sun Yat-Sen University,Guangzhou 510275,China 2Department of Biomedical Engineering,Tongji University,200092,China
国际会议
广州
英文
2008-11-19(万方平台首次上网日期,不代表论文的发表时间)