Protecting servers against DDoS attacks with improved source IP address monitoring scheme

DDoS attacks have caused severe damage to servers and are a great intimidation to the development of new services. Recently, a simple but robust detection system was proposed. The referred scheme is based on the monitoring of the source IP addresses of the incoming packets. However, it is possible t...

Full description

Saved in:
Bibliographic Details
Published in2006 2nd Conference on Next Generation Internet Design and Engineering, 2006. NGI '06 pp. 6 pp. - 159
Main Authors Takada, H.H., Anzaloni, A.
Format Conference Proceeding
LanguageEnglish
Published IEEE 2006
Subjects
Bandwidth
Computer crime
Degradation
Detection algorithms
Intrusion detection
Monitoring
Protection
Robustness
Statistical distributions
Statistics
Online AccessGet full text

Cover

More Information
Summary:DDoS attacks have caused severe damage to servers and are a great intimidation to the development of new services. Recently, a simple but robust detection system was proposed. The referred scheme is based on the monitoring of the source IP addresses of the incoming packets. However, it is possible to show that the proposed scheme is unable to identify correctly the end of an attack and a high variance in the measured statistic degrades its performance. In this paper, it is presented a detection algorithm to monitor the source IP addresses of the incoming packets. The new algorithm requires little calculations and it meets the requirement of real time detection. Simulations using both real and synthetic attacks proved that the improved system presents lower number of false positive alarms, is able to detect correctly the end of the attacks and to deal with high variances in the measured statistics
ISBN:0780394550
9780780394551
DOI:10.1109/NGI.2006.1678236