A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction

Yi Shi; Xinyu Yang; Huijun Zhu

A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction

Yi Shi
, Xinyu Yang
, Huijun Zhu

电子与信息学部

Xi'an Jiaotong University

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

1 引用（Scopus）

摘要

This paper analyzed the features of the flooding-based DoS/DDoS attack traffic, and proposed a novel real-time algorithm for detecting such DoS/DDoS attacks. In order to shorten the delay of detection, short-term traffic prediction was introduced, and prediction values were used in the detecting process. Though we use real-time traffic data to calculate the mean and variance, few periods of data need to be stored because the algorithm is a recurring process, therefore the occupied storage space is less. Moreover, the complex and cost of the recurring process is less than calculating the whole sequence, so the load of the server would not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach also can deal with DDoS attacks that zombies start without simultaneousness.

源语言	英语
主期刊名	Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings
出版商	Springer Verlag
页	252-267
页数	16
ISBN（印刷版）	3540476997, 9783540476993
出版状态	已出版 - 2006
活动	1st International Workshop on Security, IWSEC 2006 - Kyoto, 日本期限: 23 10月 2006 → 24 10月 2006

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	4266 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	1st International Workshop on Security, IWSEC 2006
国家/地区	日本
市	Kyoto
时期	23/10/06 → 24/10/06

其它文件与链接

链接到 Scopus 的出版物

引用此

Shi, Y., Yang, X., & Zhu, H. (2006). A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction. 在 Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings (页码 252-267). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 4266 LNCS). Springer Verlag.

Shi, Yi ; Yang, Xinyu ; Zhu, Huijun. / A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction. Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings. Springer Verlag, 2006. 页码 252-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{6f120f8713f540fdaf655de56c0b10ec,

title = "A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction",

abstract = "This paper analyzed the features of the flooding-based DoS/DDoS attack traffic, and proposed a novel real-time algorithm for detecting such DoS/DDoS attacks. In order to shorten the delay of detection, short-term traffic prediction was introduced, and prediction values were used in the detecting process. Though we use real-time traffic data to calculate the mean and variance, few periods of data need to be stored because the algorithm is a recurring process, therefore the occupied storage space is less. Moreover, the complex and cost of the recurring process is less than calculating the whole sequence, so the load of the server would not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach also can deal with DDoS attacks that zombies start without simultaneousness.",

author = "Yi Shi and Xinyu Yang and Huijun Zhu",

year = "2006",

language = "英语",

isbn = "3540476997",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "252--267",

booktitle = "Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings",

note = "1st International Workshop on Security, IWSEC 2006 ; Conference date: 23-10-2006 Through 24-10-2006",

}

Shi, Y, Yang, X & Zhu, H 2006, A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction. 在 Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 4266 LNCS, Springer Verlag, 页码 252-267, 1st International Workshop on Security, IWSEC 2006, Kyoto, 日本, 23/10/06.

A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction. / Shi, Yi; Yang, Xinyu; Zhu, Huijun.
Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings. Springer Verlag, 2006. 页码 252-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 4266 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction

AU - Shi, Yi

AU - Yang, Xinyu

AU - Zhu, Huijun

PY - 2006

Y1 - 2006

N2 - This paper analyzed the features of the flooding-based DoS/DDoS attack traffic, and proposed a novel real-time algorithm for detecting such DoS/DDoS attacks. In order to shorten the delay of detection, short-term traffic prediction was introduced, and prediction values were used in the detecting process. Though we use real-time traffic data to calculate the mean and variance, few periods of data need to be stored because the algorithm is a recurring process, therefore the occupied storage space is less. Moreover, the complex and cost of the recurring process is less than calculating the whole sequence, so the load of the server would not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach also can deal with DDoS attacks that zombies start without simultaneousness.

AB - This paper analyzed the features of the flooding-based DoS/DDoS attack traffic, and proposed a novel real-time algorithm for detecting such DoS/DDoS attacks. In order to shorten the delay of detection, short-term traffic prediction was introduced, and prediction values were used in the detecting process. Though we use real-time traffic data to calculate the mean and variance, few periods of data need to be stored because the algorithm is a recurring process, therefore the occupied storage space is less. Moreover, the complex and cost of the recurring process is less than calculating the whole sequence, so the load of the server would not increase much. Although we focus our research on detecting flooding-based DoS/DDoS attacks, the simulation shows that the approach also can deal with DDoS attacks that zombies start without simultaneousness.

UR - https://www.scopus.com/pages/publications/33845247561

M3 - 会议稿件

AN - SCOPUS:33845247561

SN - 3540476997

SN - 9783540476993

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 252

EP - 267

BT - Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings

PB - Springer Verlag

T2 - 1st International Workshop on Security, IWSEC 2006

Y2 - 23 October 2006 through 24 October 2006

ER -

Shi Y, Yang X, Zhu H. A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction. 在 Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings. Springer Verlag. 2006. 页码 252-267. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

A flooding-based DoS/DDoS detecting algorithm based on traffic measurement and prediction

摘要

出版系列

会议

其它文件与链接

学术指纹

引用此