Abstract
In recent years, interruption of services large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are, thus important. On the other hand, since information on attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.
Original language | English |
---|---|
Pages (from-to) | 2635-2643 |
Number of pages | 9 |
Journal | IEICE Transactions on Information and Systems |
Volume | E87-D |
Issue number | 12 |
Publication status | Published - 2004 Dec |
Keywords
- Attack duration time
- Auto regressive model
- DDoS
- Detection
- DoS
- Tracing
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Vision and Pattern Recognition
- Electrical and Electronic Engineering
- Artificial Intelligence