A Service-oriented DDoS detection mechanism using pseudo state in a flow router

Multimedia Tools and Applications

Abstract

As distributed denial-of-service (DDoS) attacks have caused serious economic and social problems, there has been extensive research on defending against them. The current DDoS defense system relies on a dedicated security device located in front of the server it is required to protect. To detect DDoS attacks, this security device compares incoming traffic to known attack patterns. Since such a defense mechanism cannot prevent an influx of attack traffic into the network, and every packet must be compared against the known attack patterns, the mechanism often degrades the service. In this paper, we propose the Service-oriented DDoS Detection Mechanism using a Pseudo State (SDM-P), which runs on network devices to defend against DDoS attacks without sacrificing data-forwarding performance. The SDM-P mechanism is suitable for both low- and high-rate attacks. In addition, we verified the SDM-P mechanism by evaluating its performance using a DDoS attack similar to the one that occurred in Korea and the USA on July 7th, 2009.


Acknowledgments

This research was partly supported by the R&D program of MSIP (Ministry of Science, ICT and Future Planning) [Project No. 10043380], the ITRC (Information Technology Research Center) support program [NIPA-2013-H0301-13-1003] supervised by the NIPA (National IT Industry Promotion Agency) and Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science, and Technology [Grant No. 2012R1A1A4A01004195].

Author information

Corresponding author

Correspondence to PyungKoo Park.

Cite this article

Park, P., Yoo, S., Ryu, H. et al. A Service-oriented DDoS detection mechanism using pseudo state in a flow router. Multimed Tools Appl 74, 6341–6363 (2015). https://doi.org/10.1007/s11042-014-2100-5

  • DOI: https://doi.org/10.1007/s11042-014-2100-5
