Detecting and Tracing DDoS Attacks in the Traffic Analysis Using Auto Regressive Model

Search this Article

Author(s)

Abstract

In recent years, interruption of services large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are, thus important. On the other hand, since information on attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.

Journal

  • IEICE Transactions on Traffic Measurement and Analysis

    IEICE Transactions on Traffic Measurement and Analysis 87(12), 2635-2643, 2004-12-01

    The Institute of Electronics, Information and Communication Engineers

References:  17

Cited by:  1

Codes

  • NII Article ID (NAID)
    110003213873
  • NII NACSIS-CAT ID (NCID)
    AA10826272
  • Text Lang
    ENG
  • Article Type
    Journal Article
  • ISSN
    09168532
  • Data Source
    CJP  CJPref  NII-ELS 
Page Top