Detection and traceback of distributed denial of service (DDoS/DoS) attacks have become a challenge for network security. In this paper, we propose a lightweight cooperative detection framework (CCBFF) based on counting bloom filter to detect and trace DDoS/DoS attack online. The CCBFF contains 2 counting bloom filters CBF1 and CBF2. The CBF1 distinguishes different network connection topology ...

Distributed Denial of Service (DDoS) attacks is an important thread in internet. In IPv6 internet worms are difficult to identify, because of the total amount of traffic which does not allow the instant investigation of fine points. In Internet Protocol Version 6 (IPv6) networks one of the common traffic flows occurs is UDP data flows. It is an unreliable data flow. This characteristic can be u...

Resisting distributed denial of service (DDoS) attacks become more challenging with the availability of resources and techniques to attackers. The application-layer-based DDoS attacks utilize legitimate HTTP requests to overwhelm victim resources are more undetectable and are protocol compliant and non-intrusive. Focusing on the detection for application layer DDoS attacks, the existing scheme ...

Distributed denial of service (DDoS) attacks have become a major threat to organizations and especially to internet and intranet. In DDoS attacks targets are overwhelmed by sending an enormous amount of traffic from a number of attack sites. The major task of any defense system is to detect these attacks accurately and quickly, before it causes an unrecoverable loss. Most of the research in th...

In recent years, distributed denial of service (DDoS) attacks have become a major security threat to Internet services. How to detect and defend against DDoS attacks is currently a hot topic in both industry and academia. In this paper, we propose a novel framework to robustly and efficiently detect DDoS attacks and identify attack packets. The key idea of our framework is to exploit spatial an...

Recently, many attack detection methods adopts machine learning algorithm to improve attack detection accuracy and automatically react to the attacks. However, the previous mechanisms based on machine learning have some disadvantages such as high false positive rate and computing overhead. In this paper, we propose a new DDoS detection model based on multiple SVMs (Support Vector Machine) in or...

IP Flow is classified into the Micro-flow and the Macro-flow, which provides a way of selecting proper features used to detect DDoS. Five abstracted features’ capabilities of recognizing DDoS are analyzed through experiments. With these features as inputs, a neural network classifier is used to detect DDoS. Experiments’ results show that these IP Flow based features can be very helpful to DDoS ...

Distributed denial-of-service (DDoS) attacks cause havoc by exploiting threats to Internet services. In this paper, we propose E-LDAT, a lightweight extended-entropy metric-based system for both DDoS flooding attack detection and IP (Internet Protocol) traceback. It aims to identify DDoS attacks effectively by measuring the metric difference between legitimate traffic and attack traffic. IP tra...

With the proliferation of Internet applications and network-centric services, network and system security issues are more important than before. In the past few years, cyber attacks, including distributed denial-of-service (DDoS) attacks, have a significant increase on the Internet, resulting in degraded confidence and trusts in the use of Internet. However, the present DDoS attack detection te...

-A Distributed denial of service (DDoS) attack uses multiple machines operating in concern to attack a network or site. It is the most important security problem for IT managers. These attacks are very simple organized for intruders and hence so disruptive. The detection and defense of this attack has specific importance among network specialists. In this paper a new and smart taxonomy of DDoS ...