Detecting and Tracing DDoS Attacks in the Traffic Analysis Using Auto Regressive Model
- UCHIYAMA Yuichi, NTT DATA CORPORATION
- WAIZUMI Yuji, Graduate School of Information Sciences (GSIS), Tohoku University
- KATO Nei, Graduate School of Information Sciences (GSIS), Tohoku University
- NEMOTO Yoshiaki, Graduate School of Information Sciences (GSIS), Tohoku University
Abstract
In recent years, interruption of services at large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for specifying attackers are thus important. On the other hand, since information on attackers' source IP addresses is generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration time of an attack is the same at every observation point the attack traffic passes, and propose a tracing method that uses attack duration time as a parameter. We show that our proposed method is effective in tracing DDoS attacks.
Journal
- IEICE Transactions on Traffic Measurement and Analysis
IEICE Transactions on Traffic Measurement and Analysis 87 (12), 2635-2643, 2004-12-01
The Institute of Electronics, Information and Communication Engineers
Details
- CRID: 1571417127442285184
- NII Article ID: 110003213873
- NII Book ID: AA10826272
- ISSN: 09168532
- Text Lang: en
- Data Source: CiNii Articles