
Use of IP Addresses for High Rate Flooding Attack Detection

Abstract : High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof of concept implementation we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a "white list" filter in a firewall as part of the mitigation strategy.
Document type : Conference papers

Cited literature: 21 references
Contributor : Hal Ifip
Submitted on : Thursday, August 7, 2014 - 10:17:36 AM
Last modification on : Friday, August 11, 2017 - 11:12:40 AM
Long-term archiving on : Wednesday, November 26, 2014 - 1:36:24 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Ejaz Ahmed, George Mohay, Alan Tickle, Sajal Bhatia. Use of IP Addresses for High Rate Flooding Attack Detection. 25th IFIP TC 11 International Information Security Conference (SEC) / Held as Part of World Computer Congress (WCC), Sep 2010, Brisbane, Australia. pp.124-135, ⟨10.1007/978-3-642-15257-3_12⟩. ⟨hal-01054522⟩


