Detecting and tracing DDoS attacks in the traffic analysis using auto regressive model

Yuichi Uchiyama; Yuji Waizumi; Nei Kato; Yoshiaki Nemoto

Detecting and tracing DDoS attacks in the traffic analysis using auto regressive model

Yuichi Uchiyama, Yuji Waizumi, Nei Kato, Yoshiaki Nemoto

INF - Applied Information Sciences

Research output: Contribution to journal › Article › peer-review

8 Citations (Scopus)

Abstract

In recent years, interruption of services large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are, thus important. On the other hand, since information on attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.

Original language	English
Pages (from-to)	2635-2643
Number of pages	9
Journal	IEICE Transactions on Information and Systems
Volume	E87-D
Issue number	12
Publication status	Published - 2004 Dec

Keywords

Attack duration time
Auto regressive model
DDoS
Detection
DoS
Tracing

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Vision and Pattern Recognition
Electrical and Electronic Engineering
Artificial Intelligence

Cite this

@article{b6d6fcbcd1974bc697cef5b2c7854634,

title = "Detecting and tracing DDoS attacks in the traffic analysis using auto regressive model",

abstract = "In recent years, interruption of services large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are, thus important. On the other hand, since information on attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.",

keywords = "Attack duration time, Auto regressive model, DDoS, Detection, DoS, Tracing",

author = "Yuichi Uchiyama and Yuji Waizumi and Nei Kato and Yoshiaki Nemoto",

year = "2004",

month = dec,

language = "English",

volume = "E87-D",

pages = "2635--2643",

journal = "IEICE Transactions on Information and Systems",

issn = "0916-8532",

publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",

number = "12",

}

TY - JOUR

T1 - Detecting and tracing DDoS attacks in the traffic analysis using auto regressive model

AU - Uchiyama, Yuichi

AU - Waizumi, Yuji

AU - Kato, Nei

AU - Nemoto, Yoshiaki

PY - 2004/12

Y1 - 2004/12

N2 - In recent years, interruption of services large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are, thus important. On the other hand, since information on attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.

AB - In recent years, interruption of services large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are, thus important. On the other hand, since information on attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.

KW - Attack duration time

KW - Auto regressive model

KW - DDoS

KW - Detection

KW - DoS

KW - Tracing

UR - http://www.scopus.com/inward/record.url?scp=11144300797&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=11144300797&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:11144300797

VL - E87-D

SP - 2635

EP - 2643

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

SN - 0916-8532

IS - 12

ER -

Detecting and tracing DDoS attacks in the traffic analysis using auto regressive model

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this