Conference papers

Use of IP Addresses for High Rate Flooding Attack Detection

Abstract : High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses, coupled with a change-point analysis of the rate of arrival of new IP addresses, may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof-of-concept implementation, we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a "white list" filter in a firewall as part of the mitigation strategy.
Document type : Conference papers

Cited literature [21 references]

https://hal.inria.fr/hal-01054522
Contributor : Hal Ifip
Submitted on : Thursday, August 7, 2014 - 10:17:36 AM
Last modification on : Friday, August 11, 2017 - 11:12:40 AM
Long-term archiving on : Wednesday, November 26, 2014 - 1:36:24 AM

File

11-Paper-212-Use_of_IP_Address...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Ejaz Ahmed, George Mohay, Alan Tickle, Sajal Bhatia. Use of IP Addresses for High Rate Flooding Attack Detection. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.124-135, ⟨10.1007/978-3-642-15257-3_12⟩. ⟨hal-01054522⟩
