Conference topic

A New Way to Detect DDoS Attacks within Single Router

Unlike other research, which focuses on network-wide traffic, we analyze the traffic state as viewed from a router's interior. In this paper, we first introduce a kind of port-to-port traffic within a router, which we call IF flow. IF flows can amplify the ratio of attack traffic to normal traffic. An RLS (recursive least square) filter is then used to predict IF flows. After that, a statistical method using a residual filtered process is proposed to detect anomalies. Finally, we apply the method to three types of traffic within a router (IF flows, input links and output links) and compare the anomaly detection results using ROC curves. Results show that IF flows are more powerful than input links and output links in DDoS attack detection.

Keywords: anomaly detection; distributed denial of service; recursive least square; router-wide traffic analysis

Ruoyu Yan, Qinghua Zheng, Guolin Niu, Sheng Gao

MOE KLINNS Lab and SKLMS Lab, Department of Computer Science and Technology, Xi’an Jiaotong University; MOE KLINNS Lab and SKLMS Lab, Department of Computer Science and Technology, Xi’an Jiaotong University; School of Information Science, Guangdong Ocean University, Zhanjiang, Guangdong Province, China

International conference

The 11th IEEE International Conference on Communications Systems (IEEE ICCS 2008)

Guangzhou

English

2008-11-19 (date first posted online on the Wanfang platform; this does not represent the paper's publication date)