Combining adaptive filtering and IF flows to detect DDOS attacks within a router

KSII Transactions on Internet and Information Systems

Volumn 4, Issue 3, 2010, Pages 428-451

  Yan, Ruoyu ^a,b   Zheng, Qinghua ^a   Li, Haifei ^c  

^a XI'AN JIAOTONG UNIVERSITY   (China)

^b GUANGDONG OCEAN UNIVERSITY   (China)

^c UNION UNIVERSITY   (United States)

Author keywords

Anomaly detection; Distributed denial of service; Kalman filter; Recursive least square; Router wide traffic analysis

Indexed keywords

EID: 77954255664     PISSN: None     EISSN: 19767277     Source Type: Journal    
DOI: 10.3837/tiis.2010.06.014     Document Type: Article

References (32)

1. V. D. Gligor, A note on denial-of-service in operating systems," IEEE Trans. Softw. Eng., vol. 10, no. 3, pp. 320-324, 1984.
2. Computer Crime Research Center, 2004 CSI/FBI Computer Crime and Security Survey, http://www.crime-research.org/news/11.06.2004/423/
3. P. Barford, J. Kline, D. Plonka, and A. Ron, "A Signal Analysis of Network Traffic Anomalies," in Proc. of Internet Measurement Workshop, 2002.
4. S. Kim, A. Reddy, and M. Vannucci, "Detecting Traffic Anomalies at the Source through Aggregate Analysis of Packet Header Data," in Proc. of Networking, 2004.
5. Tao Qin, Xiaohong Guan, Wei Li, and Pinghui Wang, "Dynamic Features Measurement and Analysis for Large-Scale Networks," in Proc. of ICC2008, CSIM workshop, pp. 212-216, 2008.
6. T. M. Gil, and M. Poletto, "Multops: a data-structure for bandwidth attack detection," in Proc. of the 10th USENIX Security Symposium, 2001.
7. Haakon Ringberg, Augustin Soule, Jennifer Rexford, Christophe Diot, "Sensitivity of PCA for Traffic Anomaly Detection," in Proc. of SIGMETRICS'07,USA, pp. 109-120, June 2007.
8. Anukool Lakhina, Mark Crovella, Christophe Diot, "Diagnosing Network-wide Traffic Anomalies," in Proc. of SIGCOMM'04, Portland, Oregon,USA, pp. 219-230, 2004.
9. Augustin Soule, Kave Salamatian, Nina Taft, "Combining Filtering and Statistical Methods for Anomaly Detection," in Proc. of Internet Measurement Conference, pp. 331-344, 2005.
10. A. Medina, C. Fraleigh, N. Taft, S. Bhattacharyya, C. Diot, "A Taxonomy of IP Traffic Matrices", in Proc. of Scalability and Traffic Control in IP Networks II, Boston, USA, pp. 200-213, 2003.
11. T. M. Gil and M. Poletto, "MULTOPS: A data-structure for bandwidth attack detection," in Proc. of the 10th USENIX Security Symposium, 2001.
12. H. Wang, D. Zhang and K. G. Shin, "Detecting SYN flooding attacks," in Proc. of IEEE INFOCOM, pp. 1530-1539, 2002.
13. Amit Kulkarni and Stephen Bush, "Detecting distributed denial-of-service attacks using kolmogorov complexity metrics," Journal of Network and Systems Management, vol. 14, no. 1, pp. 69-80, Mar. 2006.
14. Peng Tao, C. Leckie and K. Ramamohanarao, "Protection from distributed denial of service attacks using history-based IP filtering," in Proc. of ICC'03, pp. 482-486, 2003.
15. Yu Chen, Kai Hwang, Wei-Shinn Ku, "Collaborative Detection of DDoS Attacks over Multiple Network Domains," IEEE Trans. On Parallel and Distributed Systmes, vol. 18, no. 12, pp. 1649-1662, Dec. 2007.
16. Sun Zhi-Xin, Tang Yi-Wei, Cheng Yuan, "Router Anomaly Traffic Detection Based on Modified-CUSUM Algorithms," Journal of Software, vol. 16, no. 12, pp. 2117-2123, 2005.
17. Ruoyu Yan and Qinghua Zheng, "Using Renyi Cross Entropy to Analyze Traffic Matrix and Detect DDoS attack", Information Technology Journal, vol. 8, no. 8, pp. 1180-1188, 2009.
18. Krishan Kumar, R.C Joshi, Kuldip Singh, "A Distributed Approach using Entropy to Detect DDoS attacks in ISP Domain," in Proc. of International Conference on Signal Processing, Communications and Networking, pp. 331-337, 2007.
19. David K. Y. Yau, John C. S. Lui, Feng Liang, and Yeung Yam, "Defending Against Distributed Denial-of-Service Attacks With Max-Min Fair Server-Centric Router Throttles," IEEE/ACM TRANSACTIONS ON NETWORKING, vol. 13, no. 1, pp. 29-42, Feb. 2005.
20. Anukool Lakhina, Konstantina Papagiannaki, Mark Crovella, Christophe Diot, Eric D.Kolaczyk, and Nina Taft, "Structural Analysis of Network Traffic Flows," in Proc. Of SIGMETRICS/Performance, New York, USA, pp. 61-72, 2004.
21. Cisco IOS NetFlow White Papers, http://www.cisco.com/en/US/products/ps6601/prod_white_papers_list.html.
22. Cisco NetFlow Performance Analysis White Papers, http://www.cisco.com/en/US/technologies/tk543/tk812/technologies_white_paper0900aecd802a0eb9_ps6601_Products_White_Paper.html,2007.
23. Simon Haykin, "Adaptive Filter Theory," Beijing: Publishing House of Electronics Industry, 2002.
24. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-time," Computer Networks, vol. 31, no. 23-24, pp. 2435-2463, 1999.
25. Brett Ninness, Stuart Gibson, "The EM algorithm for Multivariable Dynamic System Estimation," Technical Report EE200101, 2001.
26. R. H. Shmway, D. S. Stoffer, "Dynamic Linear Models with Switching," Journal of the American Statistical Association, vol. 86, no. 415, pp. 763-769, 1991.
27. V. Digalakis, J. Rohlicek, M. Ostendorf, "ML Estimation of a Stochastic Linear System with the EM Algorithm and Its Application to Speech Recognition," IEEE Trans. On Speech and Audio Processing, vol. 1, no. 4, pp. 431-441, 1993.
28. Douglas M. Hawkins, Peihua Qiu, Chang Wook Kang, "The changepoint model for statistical process control," Journal of Quality Technology, vol. 35, no. 4, pp. 355-366, 2003.
29. D. Moore, G. M. Voelker, S. Savage, "Inferring internet Denial-of-Service activity," in Proc. of the 10th USENIX Security Symposium, pp. 9-22, 2001.
30. Hao Jiang, Constantinos Dovrolis, "Why Is the Internet Traffic Bursty in Short Time Scales," in Proc. of ACM SIG METRICS'05, pp. 241-252, June 2005.
31. J. Jung, B. Krishnamurthy and M. Rabinovich. "Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites," in Proc. of World Wide Web Conference, Hawaii, USA, 2002.
32. Anukool Lakhina, Mark Crovella, Christophe Diot, "Mining anomalies using traffic feature distributions," in Proc. of SIGCOMM'05, Philadelphia, Pennsylvania, USA, pp. 217-228, 2005.