首页    期刊浏览 2024年10月06日 星期日
登录注册

文章基本信息

  • 标题:A Scalable DDoS Detection Framework with Victim Pinpoint Capability
  • 本地全文:下载
  • 作者:Liu, Haiqin ; Sun, Yan ; Kim, Min Sik
  • 期刊名称:Journal of Communications
  • 印刷版ISSN:1796-2021
  • 出版年度:2011
  • 卷号:6
  • 期号:9
  • 页码:660-670
  • DOI:10.4304/jcm.6.9.660-670
  • 语种:English
  • 出版社:ACADEMY PUBLISHER
  • 摘要:In recent years, various intrusion detection and prevention systems have been proposed to detect DDoS attacks and mitigate the caused damage. However, many existing IDS systems still keep per-flow state to detect anomaly, and thus do not scale with link speeds in multigigabit networks. In this paper, we present a two-level approach for scalable and accurate DDoS attack detection by exploiting the asymmetry in the attack traffic. In the coarse level, we use a modified count-min sketch (MCS) for fast detection, and in the fine level, we propose a bidirectional count sketch (BCS) to achieve better accuracy. At both detection levels, sketch structures are utilized to ensure the scalability of our scheme. The main advantage of our approach is that it can track the victims of attacks without recording every IP address found in the traffic. Such feature is significant for the detection in the highspeed environment. We also propose a SRAM-based parallel architecture to achieve high-speed process. Furthermore, we analyze accuracy estimation issues to provide hints for practical deployment with constraint memory. We finally demonstrate how to extend our original scheme to a collaborative detection framework. Experimental results using the real Internet traffic show that our approach is able to quickly detect anomaly events and track those victims with a high level of accuracy while it can save over 90% key storage compared with previous sketch-based approaches.
  • 关键词:intrusion detection; distribute denial of service; victim pinpoint capability; two-level scheme, asymmetry traffic; count min sketch; bidirectional count sketch
国家哲学社会科学文献中心版权所有