In recent years, interruption of services at large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for identifying attackers are thus important. However, since attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration of an attack is the same at every observation point the attack traffic passes through, and propose a tracing method that uses attack duration as a parameter. We show that our proposed method is effective in tracing DDoS attacks.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yuichi UCHIYAMA, Yuji WAIZUMI, Nei KATO, Yoshiaki NEMOTO, "Detecting and Tracing DDoS Attacks in the Traffic Analysis Using Auto Regressive Model" in IEICE TRANSACTIONS on Information,
vol. E87-D, no. 12, pp. 2635-2643, December 2004, doi: .
URL: https://global.ieice.org/en_transactions/information/10.1587/e87-d_12_2635/_p
@ARTICLE{e87-d_12_2635,
author={Yuichi UCHIYAMA and Yuji WAIZUMI and Nei KATO and Yoshiaki NEMOTO},
journal={IEICE TRANSACTIONS on Information},
title={Detecting and Tracing DDoS Attacks in the Traffic Analysis Using Auto Regressive Model},
year={2004},
volume={E87-D},
number={12},
pages={2635-2643},
abstract={In recent years, interruption of services at large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for identifying attackers are thus important. However, since attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration of an attack is the same at every observation point the attack traffic passes through, and propose a tracing method that uses attack duration as a parameter. We show that our proposed method is effective in tracing DDoS attacks.},
keywords={},
doi={},
ISSN={},
month={December},}
TY - JOUR
TI - Detecting and Tracing DDoS Attacks in the Traffic Analysis Using Auto Regressive Model
T2 - IEICE TRANSACTIONS on Information
SP - 2635
EP - 2643
AU - Yuichi UCHIYAMA
AU - Yuji WAIZUMI
AU - Nei KATO
AU - Yoshiaki NEMOTO
PY - 2004
DO -
JO - IEICE TRANSACTIONS on Information
SN -
VL - E87-D
IS - 12
JA - IEICE TRANSACTIONS on Information
Y1 - December 2004
AB - In recent years, interruption of services at large-scale business sites and Root Name Servers caused by Denial-of-Service (DoS) attacks or Distributed DoS (DDoS) attacks has become an issue. Techniques for identifying attackers are thus important. However, since attackers' source IP addresses are generally spoofed, tracing techniques are required for DoS attacks. In this paper, we predict network traffic volume at observation points on the network, and detect DoS attacks by carefully examining the difference between predicted traffic volume and actual traffic volume. Moreover, we assume that the duration of an attack is the same at every observation point the attack traffic passes through, and propose a tracing method that uses attack duration as a parameter. We show that our proposed method is effective in tracing DDoS attacks.
ER -