With the rapid growth of networks in size and complexity, netwok administrators today are facing more and more challenges for protecting their networked computers and other devices from all kinds of attacks. Unlike the traditional methods of analyzing textual log data, a visual interactive system called DDoSViewer is proposed in this paper for detecting DDoS kind of network attacks. DDoSViewer ...

Distributed Denial of Service (DDoS) attacks represent a major threat to uninterrupted and efficient Internet service. In this paper, we empirically evaluate several major information metrics, namely, Hartley entropy, Shannon entropy, Renyi’s entropy, generalized entropy, Kullback–Leibler divergence and generalized information distance measure in their ability to detect both low-rate and high-r...

Cloud Computing has evolved as a new paradigm in which users can use on-demand services, according to their needs. However, security concerns are primary obstacles to a wider adoption of clouds. Newly born concepts that clouds introduced, such as multitenancy, resource sharing and outsourcing, create new challenges for the security research. DDoS (Distributed Denial of service) attack is the bi...

Internet threat Monitoring (ITM) is a monitoring system in the internet to detect, measure, characterize and track the security attacks against attack sources. Distributed Denial of Service (DDoS) is a serious threat to the internet. Attacker uses botnets to launch DDoS attack by sending malicious traffic and the goal is to exhaust ITM network resources such as utilization of network bandwidth,...

Although the prevention of Distributed Denial of Service (DDoS) attacks is not possible, detection of such attacks plays main role in preventing their progress. In the flooding attacks, especially new sophisticated DDoS, the attacker floods the network traffic toward the target computer by sending pseudo-normal packets. Therefore, multi-purpose IDSs do not offer a good performance (and accuracy...

While the increasing number of services available through computer networks is a source of great convenience for users, it raises several concerns, including the threat of hacking and the invasion of user privacy. Hackers can easily block network services by flooding traffic to servers or by breaking through network security, hence causing significant economic loss. It is well know that a Distr...

Distributed Denial of Service (DDoS) attack is one of the greatest threats to connectivity, continuity, and availability of the Internet. In this paper, two typical types of DDoS attacks, high-rate (Flood) and low-rate (Shrew), are studied on their generation principles, mechanism utilizations, behaviors, signatures, and attack performances. Experiment results show that: (I) high-rate DDoS send...

Detection and traceback of distributed denial of service (DDoS/DoS) attacks have become a challenge for network security. In this paper, we propose a lightweight cooperative detection framework (CCBFF) based on counting bloom filter to detect and trace DDoS/DoS attack online. The CCBFF contains 2 counting bloom filters CBF1 and CBF2. The CBF1 distinguishes different network connection topology ...

The damages from DDoS attacks are increasing as DDoS attacks are taking various forms. This has resulted not only in decreased reliability of organizations and corporations but also in the threat of national security. Organizations and corporations are making significant efforts in developing a system through which they can appropriately correspond to DDoS attacks. However, the studies on objec...

Spoofing source IP addresses is always utilized to perform Distributed Denial-of-Service (DDoS) attacks. Most of current detection and prevention methods against DDoS ignore the innocent side, whose IP is utilized as the spoofed IP by the attacker. In this paper, a novel method has been proposed to against the direct DDoS attacks, which consists of two components: the client detector and the se...