http://dx.doi.org/10.9709/JKSS.2010.19.4.151

DoS/DDoS attacks Detection Algorithm and System using Packet Counting  

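Kim, Tae-Won (Department of Electronics, Computer and Communication Engineering, Hanyang University)
Jung, Jae-Il (Department of Electronics, Computer and Communication Engineering, Hanyang University)
Lee, Joo-Young (Department of Electronic Engineering, Seokyeong University)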
Abstract
Today the Internet lets us do various things from home or the office, such as Web surfing, e-mail, on-line shopping and stock trading. However, because the Internet lacked the concept of security from the beginning, malicious users who intrude into systems through the network in order to steal personal information or to paralyze the system have become a major social issue. In addition, network intrusion by ordinary people using network attack tools is causing great concern, so the need for an effective and powerful intrusion detection system has become a very important issue in our Internet environment. However, it is very difficult to prevent such attacks completely. In this paper we propose an algorithm for the detection of DoS attacks and develop attack detection tools. Through learning in a normal state in Step 1, we calculate in Step 2 the thresholds, the number of packets arriving at each port, the median, and the average utilization of each port. In Step 3 we propose values for deciding whether an attack is detected. By programming the proposed attack detection algorithm and testing the results, we see that the difference between the median of the packet amounts per unit interval and the average utilization of each port number is effective in detecting attacks. Moreover, because there is no need to look into the network data, the method can easily be implemented using only the number of packets to detect attacks.
Keywords
DDoS Detection; IDS; IPS; Packet monitoring
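
The three steps in the abstract can be sketched as follows. This is an added example, not the authors' code: the abstract gives no formulas, so the threshold rule (`k` times the widest swing seen while learning), the decision rule (count and utilization must both exceed their thresholds), the `unlearned_limit` parameter and the sample packet counts are all assumptions constructed for illustration.

```python
from statistics import mean, median

def learn_baseline(intervals, k=3.0):
    """Steps 1-2: learn per-port median count, average utilization, thresholds."""
    baseline = {}
    for port in {p for iv in intervals for p in iv}:
        counts = [iv.get(port, 0) for iv in intervals]
        utils = [iv.get(port, 0) / max(sum(iv.values()), 1) for iv in intervals]
        med = median(counts)
        # Assumed threshold rule: k times the widest swing seen while learning.
        baseline[port] = {
            "median": med,
            "avg_util": mean(utils),
            "count_thr": k * max(max(abs(c - med) for c in counts), 1),
            "util_thr": k * max(max(utils) - min(utils), 0.01),
        }
    return baseline

def detect(interval, baseline, unlearned_limit=100):
    """Step 3: return {port: reason} for ports that look flooded."""
    total = max(sum(interval.values()), 1)
    alerts = {}
    for port, count in interval.items():
        b = baseline.get(port)
        if b is None:  # port never seen in the normal state
            if count > unlearned_limit:
                alerts[port] = "unlearned port with high volume"
            continue
        count_dev = count - b["median"]
        util_dev = count / total - b["avg_util"]
        # Assumed decision rule: both deviations must exceed their thresholds.
        if count_dev > b["count_thr"] and util_dev > b["util_thr"]:
            alerts[port] = f"count +{count_dev:.0f}, utilization +{util_dev:.2f}"
    return alerts

# Constructed sample data: packets per port per unit interval.
NORMAL = [
    {80: 120, 443: 300, 53: 40},
    {80: 110, 443: 320, 53: 35},
    {80: 130, 443: 310, 53: 45},
    {80: 125, 443: 290, 53: 38},
    {80: 115, 443: 305, 53: 42},
]
FLOOD = {80: 9000, 443: 280, 53: 41}  # port 80 flooded
BUSY = {80: 240, 443: 610, 53: 80}    # all traffic doubled, same port mix

if __name__ == "__main__":
    base = learn_baseline(NORMAL)
    print("flood:", detect(FLOOD, base))
    print("busy: ", detect(BUSY, base))
```

In this sketch the `BUSY` interval raises no alert because every port's share of traffic is unchanged, while the `FLOOD` interval is flagged on port 80 only; no packet payload is inspected at any point.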