

A System for Distributed Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis

This work is licensed under a Creative Commons Attribution 3.0 License.