Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test

Chin-Ling Chen

1st International ICST Workshop on Multimedia Security in Communication

Research Article

Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1109/CHINACOM.2008.4685254,
    author={Chin-Ling Chen},
    title={Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test},
    proceedings={1st International ICST Workshop on Multimedia Security in Communication},
    publisher={IEEE},
    proceedings_a={MUSIC},
    year={2008},
    month={11},
    keywords={},
    doi={10.1109/CHINACOM.2008.4685254}
}

Chin-Ling Chen
Year: 2008
Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test
MUSIC
IEEE
DOI: 10.1109/CHINACOM.2008.4685254

Chin-Ling Chen¹^,*

1: Department of Information Management National Pingtung Institute of Commerce Pingtung, Taiwan 900

*Contact email: clchen@mail.npic.edu.tw

Abstract

This study has proposed a new detection method for DDoS attack traffic based on statistical test. We first investigate the statistics of SYN arrival rate and find that SYN arrival rate can be can be modeled by normal distribution. We set up a threshold for maximum arrival rate to detect DDoS flood traffic. We also establish a threshold for incomplete three-way handshaking packet ratio to detect possible DDoS traffic. The experiment results show that the possibilities of both false positives and false negatives are very low. The proposed mechanism is demonstrated to have the capability of detecting DDoS attack accurately.

Published: 2008-11-21
Publisher: IEEE
Modified: 2010-05-16

: http://dx.doi.org/10.1109/CHINACOM.2008.4685254

Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test

Abstract

About EAI

Community

Publish with EAI