Use of IP addresses for high rate flooding attack detection
Ahmed, Ejaz, Mohay, George M., Tickle, Alan, & Bhatia, Sajal (2010) Use of IP addresses for high rate flooding attack detection. In Proceedings of 25th International Information Security Conference (SEC 2010), Springer, Brisbane, Queensland.
High-rate flooding attacks (aka Distributed Denial of Service or DDoS attacks) continue to constitute a pernicious threat within the Internet domain. In this work we demonstrate how using packet source IP addresses coupled with a change-point analysis of the rate of arrival of new IP addresses may be sufficient to detect the onset of a high-rate flooding attack. Importantly, minimizing the number of features to be examined directly addresses the issue of scalability of the detection process to higher network speeds. Using a proof of concept implementation we have shown how pre-onset IP addresses can be efficiently represented using a bit vector and used to modify a “white list” filter in a firewall as part of the mitigation strategy.
|Item Type:||Conference Paper|
|Keywords:||IP addresses, bit vector, bloom filter, cumulative sum|
|Subjects:||Australian and New Zealand Standard Research Classification > TECHNOLOGY (100000) > COMMUNICATIONS TECHNOLOGIES (100500) > Computer Communications Networks (100503)|
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Science and Technology; Past > Institutes > Information Security Institute|
|Copyright Owner:||Copyright 2010 [please consult the authors]|
|Deposited On:||08 Sep 2010 21:51|
|Last Modified:||29 Feb 2012 14:20|