Issue No. 04 - October-December (2005 vol. 2)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2005.50
Creating defenses against flooding-based, distributed denial-of-service (DDoS) attacks requires real-time monitoring of network-wide traffic to obtain timely and significant information. Unfortunately, continuously monitoring network-wide traffic for suspicious activities presents difficult challenges because attacks may arise anywhere at any time and because attackers constantly modify attack dynamics to evade detection. In this paper, we propose a method for early attack detection. Using only a few observation points, our proposed method can monitor the macroscopic effect of DDoS flooding attacks. We show that such macroscopic-level monitoring might be used to capture shifts in spatial-temporal traffic patterns caused by various DDoS attacks and then to inform more detailed detection systems about where and when a DDoS attack possibly arises in transit or source networks. We also show that such monitoring enables DDoS attack detection without any traffic observation in the victim network.
Index Terms: DDoS attack, monitoring, network traffic, attack dynamics, spatial-temporal pattern.
Kevin Mills, Jian Yuan, "Monitoring the Macroscopic Effect of DDoS Flooding Attacks", IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 4, pp. 324-335, October-December 2005, doi:10.1109/TDSC.2005.50