| 講演抄録/キーワード |
| 講演名 |
2006-01-20 10:00
A DoS/DDoS Attacks Detection Scheme Based on In/Out Traffic Proportion
○Zhang FengXiang(Sokendai)・Shunji Abe(NII) |
| 抄録 |
(和) |
Denial of Service( DoS)/DDoS(Distribute DoS) attacks become the most prevalent threats against the widely used Internet. The goal of DoS/DDoS attacks is to prevent victim machines or networks from offering service to their legitimate users.
Many detecting mechanisms based on traffic statistics properties have been proposed. However most of them are essentially based on unidirectional traffic changes. Thus they might result in serious false alarms when legitimately abrupt changes appear. We have proposed a heuristic detection scheme, which mainly checks the In/Out traffic proportion at the protected node。ッs gateway or the router nearby. In normal cases, this kind of proportion is close to a constant value. By checking the likelihood ratio of the proportion distribution between two adjacent periods, we are able to find anomaly changes.
After comprehensively considering the feasibility and practicability, we have constructed an anomaly detecting scheme based on in/out traffic proportion, directly towards the significant targets on Internet. |
| (英) |
Denial of Service( DoS)/DDoS(Distribute DoS) attacks become the most prevalent threats against the widely used Internet. The goal of DoS/DDoS attacks is to prevent victim machines or networks from offering service to their legitimate users.
Many detecting mechanisms based on traffic statistics properties have been proposed. However most of them are essentially based on unidirectional traffic changes. Thus they might result in serious false alarms when legitimately abrupt changes appear. We have proposed a heuristic detection scheme, which mainly checks the In/Out traffic proportion at the protected node。ッs gateway or the router nearby. In normal cases, this kind of proportion is close to a constant value. By checking the likelihood ratio of the proportion distribution between two adjacent periods, we are able to find anomaly changes.
After comprehensively considering the feasibility and practicability, we have constructed an anomaly detecting scheme based on in/out traffic proportion, directly towards the significant targets on Internet. |
| キーワード |
(和) |
Denial of service attacks / IP networks / legitimately abrupt change / In/Out traffic proportion / Generalized Likelihood Ratio / / / |
| (英) |
Denial of service attacks / IP networks / legitimately abrupt change / In/Out traffic proportion / Generalized Likelihood Ratio / / / |
| 文献情報 |
信学技報, vol. 105, no. 530, IA2005-20, pp. 7-11, 2006年1月. |
| 資料番号 |
IA2005-20 |
| 発行日 |
2006-01-12 (IA) |
| ISSN |
Print edition: ISSN 0913-5685 |
| PDFダウンロード |
|