Volume 14, Number 6

A Resource-Efficient Collaborative System for DDOS Attack Detection and Victim Identification

  Authors

Fei Wang, Zhenxing Li and Xiaofeng Wang, National University of Defense Technology, China

  Abstract

Distributed Denial of Service (DDoS) attacks seriously threaten network security. Most countermeasures perceive attacks after the damage has been done. This paper thus focuses on the detection of DDoS attacks and, more importantly, on victim identification as early as possible, so as to promote timely reaction to attacks. We present a resource-efficient collaborative DDoS detection system called F-LOW. By drawing on a bitwise-based hash function, split sketch, and lightweight IP reconstruction, F-LOW can overcome the shortcomings of principal component analysis (PCA) and regular sketch. With a certain number of distributed detection nodes, F-LOW can detect DDoS attacks and identify victim IPs before the attack traffic arrives at the victim network. Outperforming previous work, our system fits all Four-LOW properties of a promising DDoS countermeasure: low profile, low dimensional, low overhead and low transmission. Through simulation and theoretical analysis, we demonstrate these properties and the remarkable efficacy of our approach in DDoS mitigation.

  Keywords

DDoS detection, victim identification, principal component analysis, split sketch, bitwise-based hash.