This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
27th International Conference on Distributed Computing Systems (ICDCS '07)
Streaming Algorithms for Robust, Real-Time Detection of DDoS Attacks
Toronto, Canada
June 25-June 27
ISBN: 0-7695-2837-3
Sumit Ganguly, Indian Inst. of Tech. Kanpur, India
Minos Garofalakis, Yahoo! Research California, USA
Rajeev Rastogi, Bell Labs Bangalore, India
Krishan Sabnani, Bell Labs New Jersey, USA
Effective mechanisms for detecting and thwarting Distributed Denial-of-Service (DDoS) attacks are becoming increasingly important to the success of today?s Internet as a viable commercial and business tool. In this paper, we propose novel data-streaming algorithms for the robust, real-time detection of DDoS activity in large ISP networks. The key element of our solution is a new, hashbased synopsis data structure for network-data streams that allows us to efficiently track, in guaranteed small space and time, destination IP addresses in the underlying network that are "large" with respect to the number of distinct source IP addresses that have established potentially-malicious (e.g., "half-open") connections to them. Our work is the first to address the problem of efficiently tracking the top distinct-source frequencies over a general stream of updates (insertions and deletions) to the set of underlying network flows, thus enabling us to effectively distinguish between DDoS activity and flash crowds. Preliminary experimental results verify the effectiveness of our approach.
Citation:
Sumit Ganguly, Minos Garofalakis, Rajeev Rastogi, Krishan Sabnani, "Streaming Algorithms for Robust, Real-Time Detection of DDoS Attacks," icdcs, pp.4, 27th International Conference on Distributed Computing Systems (ICDCS '07), 2007
Usage of this product signifies your acceptance of the Terms of Use.