Classifying DDoS packets in high-speed networks
Authors
Abstract
Recently, high-speed networks have been utilized by attackers as Distributed Denial of Service (DDoS) attack infrastructure. Services on high-speed networks have also been attacked by successive waves of DDoS attacks. Detecting the attack traffic sensitively and accurately, and quickly filtering out the attack packets, are still the major challenges in DDoS defense. Unfortunately, most current defense approaches cannot efficiently fulfill these tasks. Our approach is to find network anomalies by using a neural network and to classify DDoS packets with a Bloom filter-based classifier (BFC). BFC is a set of space-efficient data structures and algorithms for packet classification. The evaluation results show that the simplicity, high classification speed and accuracy, and low storage requirements of this classifier make it suitable not only for DDoS filtering in high-speed networks, but also for other applications such as string matching for intrusion detection systems and IP lookup for programmable routers.
Similar resources
A Review on Hot-IP Finding Methods and Its Application in Early DDoS Target Detection
On the high-speed connections of the Internet or computer networks, the IP (Internet Protocol) packet traffic passing through the network is extremely high, and that makes it difficult for network monitoring and attack detection applications. This paper reviews methods to find the high-occurrence-frequency elements in the data stream and applies the most efficient methods to find Hot-IPs that a...
A High-Speed PacketScore DDoS Defense System
Distributed Denial of Service (DDoS) attacks pose a significant threat to the Internet while no effective defense schemes have been proposed or deployed. PacketScore has been proposed as a proactive DDoS defense scheme, which detects DDoS attacks, differentiates attacking packets from good ones with the use of packet scoring (scores are calculated per-packet based on the attribute values it pos...
Unified Rate Limiting in Broadband Access Networks for Defeating Internet Worms and DDoS Attacks
Internet worms and DDoS attacks are considered the two most menacing attacks on today’s Internet. The traditional wisdom is that they are different beasts, and they should be dealt with independently. In this paper, however, we show that a unified rate limiting algorithm is possible, which effectively works on both Internet worms and DDoS attacks. The unified approach leads to higher worm traff...
Robust and efficient detection of DDoS attacks for large-scale internet
In recent years, distributed denial of service (DDoS) attacks have become a major security threat to Internet services. How to detect and defend against DDoS attacks is currently a hot topic in both industry and academia. In this paper, we propose a novel framework to robustly and efficiently detect DDoS attacks and identify attack packets. The key idea of our framework is to exploit spatial an...
A fault tolerance routing protocol considering defined reliability and energy consumption in wireless sensor networks
In wireless sensor networks, optimal consumption of energy and having maximum lifetime are important factors. In this article, an attempt has been made to send the data packets with particular reliability from the beginning based on the AODV protocol. In this way, two new fields are added to the routing packets, and during routing and discovery of new routes, the lowest remained energy of nodes and route tra...