Detecting DDoS attacks with passive measurement based heuristics

I
ISCC
2004
Ninth IEEE Symposium on Computers and Communications 2004 Volume 1 (ISCC'04)
Abstract - Detecting DDoS attacks with passive measurement based heuristics

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by C. Siaterlis Articles by B. Maglaris

Ninth IEEE Symposium on Computers and Communications 2004 Volume 1 (ISCC'04)

Alexandria, Egypt

June 28-July 01

ISBN: 0-7803-8623-X

	ASCII Text	x
	C. Siaterlis, B. Maglaris, "Detecting DDoS attacks with passive measurement based heuristics," Computers and Communications, IEEE Symposium on, vol. 1, pp. 339-344, Ninth IEEE Symposium on Computers and Communications 2004 Volume 1 (ISCC'04), 2004.

	BibTex	x
	@article{ 10.1109/ISCC.2004.1358427, author = {C. Siaterlis and B. Maglaris}, title = {Detecting DDoS attacks with passive measurement based heuristics}, journal ={Computers and Communications, IEEE Symposium on}, volume = {1}, year = {2004}, isbn = {0-7803-8623-X}, pages = {339-344}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISCC.2004.1358427}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computers and Communications, IEEE Symposium on TI - Detecting DDoS attacks with passive measurement based heuristics SN - 0-7803-8623-X SP339 EP344 A1 - C. Siaterlis, A1 - B. Maglaris, PY - 2004 VL - 1 JA - Computers and Communications, IEEE Symposium on ER -

C. Siaterlis, Network Manage. & Optimal Design (NETMODE) Lab, Nat. Tech. Univ. of Athens, Greece

B. Maglaris, Network Manage. & Optimal Design (NETMODE) Lab, Nat. Tech. Univ. of Athens, Greece

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISCC.2004.1358427

Network traffic anomalies such as distributed denial of service attacks or the propagation of a new worm are hard to detect on noncongested ISP backbone links. The research community hasn't managed to offer reliable detection metrics that can be implemented with the current technology constraints to network administrators yet. In this work we explore and evaluate the effectiveness of several potential heuristics in detecting flooding attacks. Our observations are based on a daily network traffic analysis for a period longer than 3 months and on more than 40 experiments that were conducted with the use of common DDoS tools in the production network of an academic ISP. The data analyzed are based on different types of passive measurements that are available today to ISP's. We identify multiple effective detection metrics that could give network administrators insight to malicious activities passing through their networks.

Citation:

C. Siaterlis, B. Maglaris, "Detecting DDoS attacks with passive measurement based heuristics," iscc, vol. 1, pp.339-344, Ninth IEEE Symposium on Computers and Communications 2004 Volume 1 (ISCC'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.