Use of IP Addresses for High Rate Flooding Attack Detection - Security and Privacy - Silver Linings in the Cloud
Conference Papers, Year: 2010

Use of IP Addresses for High Rate Flooding Attack Detection

Abstract

High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof-of-concept implementation, we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a "white list" filter in a firewall as part of the mitigation strategy.
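The approach the abstract describes can be sketched as follows; this is an added illustration, not code from the paper. It assumes a one-sided CUSUM as the change-point test, a bit vector folded to 2^20 bits, hypothetical parameter values, and constructed traffic drawn from private and documentation address ranges.

```python
import ipaddress

class SeenAddresses:
    """Bit vector of source addresses; IPv4 is folded to `bits` bits (assumption).
    Folding can map two addresses to one bit; bits=32 avoids that at 512 MiB."""
    def __init__(self, bits=20):
        self.mask = (1 << bits) - 1
        self.vec = bytearray(1 << (bits - 3))

    def _slot(self, ip):
        i = int(ipaddress.IPv4Address(ip)) & self.mask
        return i >> 3, 1 << (i & 7)

    def __contains__(self, ip):
        byte, bit = self._slot(ip)
        return bool(self.vec[byte] & bit)

    def add(self, ip):
        byte, bit = self._slot(ip)
        self.vec[byte] |= bit

def detect_onset(intervals, seen, mean, slack, threshold):
    """One-sided CUSUM over the per-interval count of previously unseen sources.
    Returns the index of the first interval whose statistic exceeds `threshold`,
    or None. The alarming interval is not learned, so `seen` stays pre-onset."""
    s = 0.0
    for t, sources in enumerate(intervals):
        new = sum(1 for ip in set(sources) if ip not in seen)
        s = max(0.0, s + new - (mean + slack))
        if s > threshold:
            return t
        for ip in sources:
            seen.add(ip)
    return None

def run_demo():
    """Constructed traffic: 50 regular clients, then 200 unseen sources at interval 4."""
    regulars = [f"10.0.0.{i}" for i in range(1, 51)]
    seen = SeenAddresses()
    for ip in regulars:                   # training window: learn the normal population
        seen.add(ip)
    quiet = [regulars + [f"192.0.2.{t + 1}"] for t in range(4)]   # one newcomer each
    flood = regulars + [f"198.51.100.{i}" for i in range(1, 201)]
    onset = detect_onset(quiet + [flood], seen, mean=1.0, slack=2.0, threshold=50.0)
    return onset, seen

if __name__ == "__main__":
    onset, seen = run_demo()
    print("onset interval:", onset)
    print("allow 10.0.0.7:", "10.0.0.7" in seen, "| allow 198.51.100.9:", "198.51.100.9" in seen)
```

After the alarm, the frozen `seen` vector plays the role of the white list: sources whose bit is set were observed before onset, and everything else is a candidate for filtering.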
Origin : Files produced by the author(s)

Dates and versions

hal-01054522, version 1 (07-08-2014)

Licence

Attribution

Cite

Ejaz Ahmed, George Mohay, Alan Tickle, Sajal Bhatia. Use of IP Addresses for High Rate Flooding Attack Detection. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.124-135, ⟨10.1007/978-3-642-15257-3_12⟩. ⟨hal-01054522⟩