Scheduled System Maintenance:
On May 6th, single article purchases and IEEE account management will be unavailable from 8:00 AM - 5:00 PM ET (12:00 - 21:00 UTC). We apologize for the inconvenience.
By Topic

Distributed denial of service detection using TCP/IP header and traffic measurement analysis

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Limwiwatkul, L. ; Nat. Electron. & Comput. Technol. Center, Pathumthanee, Thailand ; Rungsawang, A.

Recently, the detection of distributed denial of service (DDoS) and the discovery of DDoS attacking signature used the mean of traffic measurement analysis at protocol level. This technique is not suited to find the signatures of DDoS attack, which is formless. Also, DDoS is in general the combination of different forms of denial of service (DoS). As a result, it is difficult to find the exact signature of attack. Moreover, it is very difficult to distinguish the difference between an unusual high traffic which is caused by the attack, and the flash crowds which normally occur when a huge number of users use the target machine at the same time. In fact, this difference should only be observed from analyzing the data in the packet header. In this paper, we propose to discover the DDoS attacking signature by analyzing the TCP/IP packet header against the well defined rules and conditions, and distinguish the difference between normal and abnormal traffic. We here observe three groups or delegates of DDoS attacking, i.e., ICMP flood, UDP flood and TCP SYN flood, and present convincing preliminary experiments.

Published in:

Communications and Information Technology, 2004. ISCIT 2004. IEEE International Symposium on  (Volume:1 )

Date of Conference:

26-29 Oct. 2004