Use of IP Addresses for High Rate Flooding Attack Detection - Security and Privacy - Silver Linings in the Cloud
Conference Papers Year : 2010

Use of IP Addresses for High Rate Flooding Attack Detection

Abstract

High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof of concept implementation we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a "white list" filter in a firewall as part of the mitigation strategy.
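
The detection idea in the abstract, as an added example that is not the authors' implementation: a bit vector records source addresses already seen, and a one-sided CUSUM runs over the per-interval count of never-seen addresses. CUSUM is an assumed choice of change-point test (the abstract does not name one), and the modulo indexing, parameter values and traffic are constructed for illustration.

```python
import ipaddress

class SeenIPs:
    """Bit vector of IPv4 sources observed so far (1 bit per slot)."""
    def __init__(self, bits=1 << 20):
        self.bits, self.vec = bits, bytearray(bits // 8)

    def _slot(self, ip):
        # Assumption: fold the 32-bit address into the vector by modulo.
        # Collisions make an unseen address look seen, never the reverse.
        return int(ipaddress.IPv4Address(ip)) % self.bits

    def __contains__(self, ip):
        i = self._slot(ip)
        return bool(self.vec[i >> 3] & (1 << (i & 7)))

    def add(self, ip):
        i = self._slot(ip)
        self.vec[i >> 3] |= 1 << (i & 7)

def detect_onset(intervals, warmup=1, train=5, slack=3.0, threshold=50.0):
    """Return (onset interval or None, SeenIPs of pre-onset sources)."""
    seen, baseline, s = SeenIPs(), [], 0.0
    for n, sources in enumerate(intervals):
        fresh = {ip for ip in sources if ip not in seen}
        if n >= warmup + train:
            mean = sum(baseline) / len(baseline)
            # One-sided CUSUM on the count of never-seen sources.
            s = max(0.0, s + len(fresh) - mean - slack)
            if s > threshold:
                return n, seen  # vector frozen before the alarm interval
        elif n >= warmup:
            baseline.append(len(fresh))  # training: learn the normal rate
        for ip in fresh:
            seen.add(ip)
    return None, seen

def constructed_traffic(attack_at=None, intervals=15):
    """Constructed sample: slowly growing legitimate pool, optional flood."""
    legit = int(ipaddress.IPv4Address("10.0.0.0"))
    flood = int(ipaddress.IPv4Address("172.24.0.0"))
    out = []
    for k in range(intervals):
        srcs = [str(ipaddress.IPv4Address(legit + j)) for j in range(150 + 2 * k)]
        if attack_at is not None and k >= attack_at:
            srcs += [str(ipaddress.IPv4Address(flood + j)) for j in range(400)]
        out.append(srcs)
    return out

if __name__ == "__main__":
    onset, whitelist = detect_onset(constructed_traffic(attack_at=10))
    print(onset, "10.0.0.5" in whitelist, "172.24.0.7" in whitelist)
```

Legitimate sources that first appear in the alarm interval itself are absent from the frozen vector, so a white list built from it would drop them until the filter is refreshed.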
Origin: Files produced by the author(s)

Dates and versions

hal-01054522 , version 1 (07-08-2014)

Cite

Ejaz Ahmed, George Mohay, Alan Tickle, Sajal Bhatia. Use of IP Addresses for High Rate Flooding Attack Detection. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.124-135, ⟨10.1007/978-3-642-15257-3_12⟩. ⟨hal-01054522⟩