| HAL-Inria | Publications, software ... of Inria's scientists |
Conference papers
Use of IP Addresses for High Rate Flooding Attack Detection
Abstract : High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined, directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof of concept implementation we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a "white list" filter in a firewall as part of the mitigation strategy.
Cited literature [21 references]
https://hal.inria.fr/hal-01054522
Contributor : Hal Ifip <>
Submitted on : Thursday, August 7, 2014 - 10:17:36 AM
Last modification on : Friday, August 11, 2017 - 11:12:40 AM
Long-term archiving on: : Wednesday, November 26, 2014 - 1:36:24 AM
Contributor : Hal Ifip <>
Submitted on : Thursday, August 7, 2014 - 10:17:36 AM
Last modification on : Friday, August 11, 2017 - 11:12:40 AM
Long-term archiving on: : Wednesday, November 26, 2014 - 1:36:24 AM
File
11-Paper-212-Use_of_IP_Address...
Files produced by the author(s)
Licence
Distributed under a Creative Commons Attribution 4.0 International License