Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System

  • Jun-Sang Park
  • Myung-Sup Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5297)


Recently, as traffic flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides high detection rate.


Traffic Flooding Attack DoS/DDoS SNMP MIB Detection Algorithm Detection Time Detection System 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial-of-Service Activity. In: Proc. of the Usenix Security Symposium, Washington, D.C, pp. 401–414 (2001)Google Scholar
  2. 2.
    Duarte Jr., E., dos Santos, A.L.: Network Fault Management Based on SNMP Agent Groups. In: Proc. of ICDCSW, p. 51 (2001)Google Scholar
  3. 3.
    Yoo, D.-S., Oh, C.-S.: Traffic Gathering and Analysis Algorithm for Attack Detection. In: KoCon 2004 Spring Integrated conference, vol. 4, pp. 33–43 (2004)Google Scholar
  4. 4.
    IETF RFC 1213. Management Information Base for Network Management of TCP/Ip-Based Internets: MIB-II,
  5. 5.
    Distributed Denial of Service (DDoS) Attacks/tools,
  6. 6.
    Li, J.: Constantine Manikopoulos.: Early Statistical Anomaly Intrusion Detection of DoS Attacks Using MIB Traffic Parameters. In: Proc. of the IEEE WIA, pp. 53–59 (2003)Google Scholar
  7. 7.
    GasparyL, P., Sanchez, R.N., Antunes, D.W., Meneghetti, E.: A SNMP-based platform for distributed stateful intrusion detection in enterprise network. IEEE Journal on Selected Areas in Communications 23, 1973–1982 (2005)CrossRefGoogle Scholar
  8. 8.
    Cabrera, J.B.D., Lewis, L., Qin, X., Lee, W., Prasanth, R.K., Ravichandran, B., Mehra, R.K.: Proactive detection of distributed denial of service attacks using MIB traffic variables-a feasibility study. In: IEEE/IFIP International Symposium, pp. 606–622 (2002)Google Scholar
  9. 9.
    Xue, Q., Guo, L.-L., Sun, J.-Z.: The design of a distributed network intrusion detection system IA-NIDS. In: International Conference on Machine Learning and Cybernetics 2003, vol. 4, pp. 2305–2308 (2003)Google Scholar
  10. 10.
    Carlsson, P., Fiedler, M., Tutschku, K., Chevul, S., Nilsson, A.A.: Obtaining Reliable Bit Rate measurements in SNMP-Managed Networks: ITC Specialist Seminar, Würzburg, pp. 114–123 (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jun-Sang Park
    • 1
  • Myung-Sup Kim
    • 1
  1. 1.Dept. of Computer and Information ScienceKorea UniversityKorea

Personalised recommendations