dc.contributor.author | Siaterlis, C | en |
dc.contributor.author | Maglaris, B | en |
dc.date.accessioned | 2014-03-01T02:42:34Z | |
dc.date.available | 2014-03-01T02:42:34Z | |
dc.date.issued | 2004 | en |
dc.identifier.issn | 15301346 | en |
dc.identifier.uri | https://dspace.lib.ntua.gr/xmlui/handle/123456789/31050 | |
dc.subject | ddos attack | en |
dc.subject | Distributed Denial of Service | en |
dc.subject | Passive Measurement | en |
dc.subject | Production Network | en |
dc.subject.other | Algorithms | en |
dc.subject.other | Bandwidth | en |
dc.subject.other | Data reduction | en |
dc.subject.other | Heuristic methods | en |
dc.subject.other | Parameter estimation | en |
dc.subject.other | Spamming | en |
dc.subject.other | Detection algorithms | en |
dc.subject.other | Distributed denial of service (DDoS) | en |
dc.subject.other | Heuristics | en |
dc.subject.other | Network traffic | en |
dc.subject.other | Telecommunication traffic | en |
dc.title | Detecting DDoS attacks with passive measurement based heuristics | en |
heal.type | conferenceItem | en |
heal.identifier.primary | 10.1109/ISCC.2004.1358427 | en |
heal.identifier.secondary | http://dx.doi.org/10.1109/ISCC.2004.1358427 | en |
heal.publicationDate | 2004 | en |
heal.abstract | Network traffic anomalies such as Distributed Denial of Service attacks or the propagation of a new worm are hard to detect on non-congested ISP backbone links. The research community hasn't managed to offer reliable detection metrics that can be implemented with the current technology constraints to network administrators yet. In this work we explore and evaluate the effectiveness of several potential heuristics in detecting flooding attacks. Our observations are based on a daily network traffic analysis for a period longer than 3 months and on more than 40 experiments that were conducted with the use of common DDoS tools in the production network of an academic ISP. The data analyzed are based on different types of passive measurements that are available today to ISPs. We identify multiple effective detection metrics that could give network administrators insight into malicious activities passing through their networks. | en |
heal.journalName | Proceedings - International Symposium on Computers and Communications | en |
dc.identifier.doi | 10.1109/ISCC.2004.1358427 | en |
dc.identifier.volume | 1 | en |
dc.identifier.spage | 339 | en |
dc.identifier.epage | 344 | en |