Dual-Level Attack Detection and Characterization for Networks under DDoS

2 Author(s)
Anjali Sardana ; Dept. of Electron. & Comput. Eng., Indian Inst. of Technol. Roorkee, Roorkee, India ; Ramesh Chandra Joshi

DDoS attacks aim to deny services to legitimate users. In this paper, we introduce a novel dual-level attack detection (D-LAD) scheme for defending against DDoS attacks. At the higher, coarse level, the macroscopic level detectors (MaLAD) attempt to detect congestion-inducing attacks which cause an apparent slowdown in network functionality. These large-volume attacks are detected early at border routers in the transit network, before they converge at the victim. At the lower, fine level, the microscopic level detectors (MiLAD) detect sophisticated attacks that cause network performance to degrade gracefully and stealth attacks that remain undetected in the transit domain and do not impact the victim. These attacks have a dramatic impact on the victim and are detected at border routers in the stub domain near the victim. We employ the concepts of varying threshold and change point detection on entropy to enhance the detection rate. Honeypots help achieve high filtering accuracy. Results demonstrate that, in addition to being competitive with other techniques with respect to detection rate and false alarm rate, our scheme is very effective and works well in the presence of different DDoS attacks. The proposed technique provides a much-demanded solution to the DDoS problem.

Published in:

Availability, Reliability, and Security, 2010. ARES '10 International Conference on

Date of Conference:

15-18 Feb. 2010