| Presentation | 2002/12/6 A DDoS Detection Method based on Analysis of Protocol Sequence and Packet Header Information Shigehiro ANO, Toru HASEGAWA, Fumito KUBOTA, |
|---|---|
| PDF Download Page | PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Recently, the network attacks such as DDoSs (Distributed Denial of Service) have been increasing. In order to cope with the increase, many ISP (Internet Service Provider) customers introduce IDSs (Intrusion Detection Systems). However, the IDSs cannot always detect the network attacks due to dropping the packets when DDoS packets are aggregated to the customer's gigabit link. In addition, the DDoS packets block the user packets unless the ISP operator filters them at the ingress links from the exterior networks. Therefore, for ISP network management, we propose a DDoS attack and source detection system that includes the IDS function and IP trace back function. The system consists of the monitors and their manager. A monitor is deployed over every border link with the exterior IP network or ISP customer's LAN to watch the ingress traffic to the ISP network. The distributed multiple monitors can share the DDoS detection load such as capturing and analyzing the traffic; therefore they are applicable to large scale ISP networks using PC-based DDoS detection system. Furthermore, each monitor uses the trace back function to identify the DDoS packets. In this paper, we show the effectiveness of the system by supporting both functions of IDS and IP trace back through its implementation and the evaluation results. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Traffic Monitor / Network Management / DDoS / Active Network |
| Paper # | IN2002-148 |
| Date of Issue |
| Conference Information | |
| Committee | IN |
|---|---|
| Conference Date | 2002/12/6(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Networks (IN) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A DDoS Detection Method based on Analysis of Protocol Sequence and Packet Header Information |
| Sub Title (in English) | |
| Keyword(1) | Traffic Monitor |
| Keyword(2) | Network Management |
| Keyword(3) | DDoS |
| Keyword(4) | Active Network |
| 1st Author's Name | Shigehiro ANO |
| 1st Author's Affiliation | KDDI R&D Laboratories Inc.() |
| 2nd Author's Name | Toru HASEGAWA |
| 2nd Author's Affiliation | KDDI R&D Laboratories Inc. |
| 3rd Author's Name | Fumito KUBOTA |
| 3rd Author's Affiliation | Communications Research Laboratory |
| Date | 2002/12/6 |
| Paper # | IN2002-148 |
| Volume (vol) | vol.102 |
| Number (no) | 498 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |