| Presentation | 2016-03-03 Evaluation of the attack detection method based on duration of continuous packet arrival Yuhei Hayashi, Satoshi Nishiyama, Akinori Suzuki, Katsuhiko Sakai, Ichiro Kudo, Kazunori Kamiya, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Application layer DDoS attacks occur frequently. In order to detect the attacks in network, a security appliance with Deep Packet Inspection capability is deployed. Since it costs much to apply Deep Packet Inspection for every traffic flow, it is practical to deploy 2-stage detection model: 1st-stage finds suspicious traffic flows and extradites only the suspicious flows to the security appliance, and then 2nd-stage executes detailed analysis. However, the conventional methods in the 1st-stage could fail to find low-volume application DDoS attacks since it only calculates the amount of traffic. In this paper, we propose a new 1st-stage detection method based on continuous packet arrival duration. We show the fact that there is a distinct difference in duration of continuous packet arrival between normal traffic and attack traffic. We describe how this insight is applied to the proposed method and discuss the effectiveness of the method by qualitative evaluation comparing with the conventional method. We also discuss the variation of undetected rate by parameter setting. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DDoS attack / Attack detection / HTTP GET Flooding / Packet counting / Detection accuracy / Low volume attacks |
| Paper # | ICSS2015-56 |
| Date of Issue | 2016-02-25 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2016/3/3(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Academic Center for Computing and Media Studies, Kyoto University |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Information and Communication System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Takashi Nishide(Mitsubishi Electric) / Yoshiaki Shiraishi(NII) |
| Assistant | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Evaluation of the attack detection method based on duration of continuous packet arrival |
| Sub Title (in English) | |
| Keyword(1) | DDoS attack |
| Keyword(2) | Attack detection |
| Keyword(3) | HTTP GET Flooding |
| Keyword(4) | Packet counting |
| Keyword(5) | Detection accuracy |
| Keyword(6) | Low volume attacks |
| 1st Author's Name | Yuhei Hayashi |
| 1st Author's Affiliation | Nippon Telegraph and Telephone corporation(NTT) |
| 2nd Author's Name | Satoshi Nishiyama |
| 2nd Author's Affiliation | Nippon Telegraph and Telephone corporation(NTT) |
| 3rd Author's Name | Akinori Suzuki |
| 3rd Author's Affiliation | Nippon Telegraph and Telephone corporation(NTT) |
| 4th Author's Name | Katsuhiko Sakai |
| 4th Author's Affiliation | Nippon Telegraph and Telephone corporation(NTT) |
| 5th Author's Name | Ichiro Kudo |
| 5th Author's Affiliation | Nippon Telegraph and Telephone corporation(NTT) |
| 6th Author's Name | Kazunori Kamiya |
| 6th Author's Affiliation | Nippon Telegraph and Telephone corporation(NTT) |
| Date | 2016-03-03 |
| Paper # | ICSS2015-56 |
| Volume (vol) | vol.115 |
| Number (no) | ICSS-488 |
| Page | pp.pp.53-58(ICSS), |
| #Pages | 6 |
| Date of Issue | 2016-02-25 (ICSS) |