1st International ICST Workshop on Multimedia Security in Communication

Research Article

Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1109/CHINACOM.2008.4685254,
    author={Chin-Ling Chen},
    title={Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test},
    proceedings={1st International ICST Workshop on Multimedia Security in Communication},
    publisher={IEEE},
    proceedings_a={MUSIC},
    year={2008},
    month={11},
    keywords={},
    doi={10.1109/CHINACOM.2008.4685254}
}
  • Chin-Ling Chen
    Year: 2008
    Detecting Distributed Denial-of-Service Attack Traffic by Statistical Test
    MUSIC
    IEEE
    DOI: 10.1109/CHINACOM.2008.4685254
Chin-Ling Chen1,*
  • 1: Department of Information Management National Pingtung Institute of Commerce Pingtung, Taiwan 900
*Contact email: clchen@mail.npic.edu.tw

Abstract

This study has proposed a new detection method for DDoS attack traffic based on statistical test. We first investigate the statistics of SYN arrival rate and find that SYN arrival rate can be can be modeled by normal distribution. We set up a threshold for maximum arrival rate to detect DDoS flood traffic. We also establish a threshold for incomplete three-way handshaking packet ratio to detect possible DDoS traffic. The experiment results show that the possibilities of both false positives and false negatives are very low. The proposed mechanism is demonstrated to have the capability of detecting DDoS attack accurately.

Published
2008-11-21
Publisher
IEEE
Modified
2010-05-16
http://dx.doi.org/10.1109/CHINACOM.2008.4685254
Copyright © 2008–2024 IEEE