http://dx.doi.org/10.3745/KIPSTC.2004.11C.6.711

Performance Analysis of Packet Sampling Mechanisms for DDoS Attack Detection  

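Kang Kil-Soo (Ajou University, Graduate School of Information and Communication, Department of Information and Communication)
Lee Joon-Hee (Ajou University, Graduate School of Information and Communication, Department of Information and Communication)
Choi Kyung-Hee (Ajou University, Graduate School of Information and Communication)
Jung Gi-Hyun (Ajou University, Division of Electronics Engineering)
Shim Jae-Hong (Chosun University, Division of Internet Software Engineering)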
Abstract
Packet sampling is a technique that collects a portion of the packets passing through a network and analyzes the characteristics of the traffic for network management and security. This paper presents a study of sampling techniques applied to DDoS traffic and of the characteristics of the sampled traffic, with the aim of detecting DDoS attacks efficiently and improving traffic analysis capacity. Three well-known sampling techniques are evaluated at different sampling rates on various kinds of DDoS traffic. To analyze traffic characteristics, one of the DDoS attack detection methods, Traffic Rate Analysis (TRA), is used. Simulation results verify that using sampling techniques preserves the traffic characteristics of DDoS and does not significantly reduce the detection accuracy.
Keywords
DDoS Attack Detection; Packet-based Sampling; Traffic Rate Analysis