Streaming Algorithms for Robust, Real-Time Detection of DDoS Attacks
Ganguly, S.
Garofalakis, M.
Rastogi, R.
Sabnani, K.
Indian Inst of Tech., Kanpur;
This paper appears in: Distributed Computing Systems, 2007. ICDCS '07. 27th International Conference on
Publication Date: 25-27 June 2007
On page(s): 4-4
Location: Toronto, ON,
ISSN: 1063-6927
ISBN: 0-7695-2837-3
INSPEC Accession Number: 10286487
Digital Object Identifier: 10.1109/ICDCS.2007.142
Current Version Published: 2007-07-09
Abstract
Effective mechanisms for detecting and thwarting distributed denial-of-service (DDoS) attacks are becoming increasingly important to the success of today's Internet as a viable commercial and business tool. In this paper, we propose novel data-streaming algorithms for the robust, real-time detection of DDoS activity in large ISP networks. The key element of our solution is a new, hash-based synopsis data structure for network-data streams that allows us to efficiently track, in guaranteed small space and time, destination IP addresses in the underlying network that are "large" with respect to the number of distinct source IP addresses that have established potentially-malicious (e.g., "half-open") connections to them. Our work is the first to address the problem of efficiently tracking the top distinct-source frequencies over a general stream of updates (insertions and deletions) to the set of underlying network flows, thus enabling us to effectively distinguish between DDoS activity and flash crowds. Preliminary experimental results verify the effectiveness of our approach.
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
