Journal
Publisher
IEEE
Keywords
DDoS flooding attacks; attack detection; high-speed network; sketch; sampling
Funding
- National Key R&D Program of China [2020YFB1807503]
- Jiangsu Provincial Key Laboratory of Network and Information Security
- Fundamental Research Funds for the Central Universities [3209012202C3, 3209012201C3]
This paper proposes a hierarchical system named HDS for efficient and continuous DDoS flooding attack detection in high-speed networks. By using sketches to track sampled traffic at different levels of aggregation and training traffic classifiers for each level, it can quickly identify attack victims and minimize hash collisions.
As the scale of Distributed Denial of Service (DDoS) flooding attacks has increased significantly, many detection methods have applied sketch data structures to compress IP traffic and save storage. However, due to the large IP address space, these methods need to flush the sketch frequently to reduce hash collisions. In addition, few of them can be applied to detect attacks in high-speed networks, where sampling is usually adopted. This paper proposes a hierarchical system named HDS for efficient and continuous DDoS flooding attack detection in high-speed networks. Rather than directly processing the IP traffic, HDS uses sketches to track sampled traffic at different levels of aggregation: interface level, area level, and host level. Traffic classifiers are then trained for each level for attack detection. The main advantage of our approach is that each detection level tracks only a small set of traffic, so it can identify the attack victim quickly and rarely causes hash collisions. Experimental results on real-world 10 Gbps network traffic datasets show that HDS can effectively detect various DDoS flooding attacks with high accuracy and identify the victim within an average of 10 s when the sampling rate exceeds 1/2048.