Abstract
Source IP address spoofing is always used to perform Distributed Denial-of-Service (DDoS) attacks. Most current detection and prevention methods against DDoS ignore the innocent side, whose IP address is used as the spoofed address by the attacker. In this paper, a novel method against direct DDoS attacks is proposed. It consists of two components: the client detector and the server detector. The cooperation of these two components and their interactive behavior lead to early-stage detection of a DDoS attack. Experimental results show that the approach presented in this paper yields accurate DDoS alarms at an early stage. Furthermore, with the adopted evaluation functions, the approach is insensitive to false suspect alarms.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xiao, B., Chen, W., He, Y. (2004). A Novel Technique for Detecting DDoS Attacks at Its Early Stage. In: Cao, J., Yang, L.T., Guo, M., Lau, F. (eds) Parallel and Distributed Processing and Applications. ISPA 2004. Lecture Notes in Computer Science, vol 3358. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30566-8_96
DOI: https://doi.org/10.1007/978-3-540-30566-8_96
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24128-7
Online ISBN: 978-3-540-30566-8
eBook Packages: Computer Science (R0)