A Distributed Detection Scheme Based on Adaptive CUSUM and Weighted CAT Against DDoS Attacks

  • Conference paper
Proceedings of the 3rd International Conference on Multimedia Technology (ICMT 2013)

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 278)

Abstract

The scheme uses a distributed hierarchical architecture that spreads the detection task across the source end, the intermediate network, and the victim end over the Internet, so that DDoS attacks can be detected early. Because the CUSUM algorithm is sensitive to slight changes, and given the traffic characteristics at the source end and in the intermediate network, an adaptive CUSUM that estimates both the mean and the variance is used at the source end to monitor outgoing traffic, and an adaptive CUSUM based on EWMA is used in the intermediate network to detect the change and aggregation of the superflow. Detection at the victim end is based on the weighted CAT domain tree. Compared with the DCD scheme, the detection rate for UDP attacks rises from 72 % in DCD to 90 % in the proposed scheme, and the detection rate for TCP attacks also improves.
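To make the abstract's idea concrete, the following added example (not code from the paper, whose exact algorithm and parameters are not given on this page) runs a textbook one-sided CUSUM whose mean and variance baseline is tracked with EWMA over a constructed packets-per-interval trace. The function names, the values of `alpha`, `k`, `h` and `warmup`, and the trace itself are all assumptions.

```python
import math
import statistics


def make_trace(n_normal, n_attack, ramp=3):
    """Constructed packets-per-interval counts: about 100 +/- 5, then a slow linear ramp."""
    def jitter(i):
        return (7 * i) % 11 - 5  # deterministic pseudo-noise in [-5, 5]

    normal = [100 + jitter(i) for i in range(n_normal)]
    attack = [100 + jitter(n_normal + j) + ramp * (j + 1) for j in range(n_attack)]
    return normal + attack


def detect(samples, alpha=0.1, k=0.5, h=5.0, warmup=11):
    """Return the indices of the intervals that raise an alarm.

    alpha  EWMA smoothing factor for the mean/variance baseline (assumed value)
    k      slack per interval, in standard deviations (assumed value)
    h      alarm threshold, in standard deviations (assumed value)
    warmup number of leading samples used only to seed the baseline
    """
    mean = statistics.fmean(samples[:warmup])
    var = statistics.pvariance(samples[:warmup])
    s = 0.0  # CUSUM statistic: accumulated positive drift above the baseline
    alarms = []
    for i, x in enumerate(samples[warmup:], start=warmup):
        sigma = max(math.sqrt(var), 1.0)  # floor avoids division by ~0 on flat traffic
        dev = x - mean
        # Normalising by sigma makes k and h independent of the traffic volume.
        s = max(0.0, s + dev / sigma - k)
        if s > h:
            alarms.append(i)
            continue  # freeze the baseline so the attack is not learned as normal
        # Adapt the baseline: EWMA estimates of the mean and the variance.
        mean += alpha * dev
        var = (1 - alpha) * (var + alpha * dev * dev)
    return alarms


if __name__ == "__main__":
    trace = make_trace(n_normal=22, n_attack=10)  # ramp starts at index 22
    print("alarm intervals:", detect(trace))
```

On this trace the ramp adds only three packets per interval, and the accumulated drift crosses the threshold a few intervals after onset, while the jitter in the normal portion never does.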

Acknowledgments

This work is supported by the Doctoral Fund of Guangdong Medical College (No: B2012054), the Scientific Research Fund of Hunan Provincial Education Department (No: 11C1067), and the Applied Basic Research Projects of Yunnan Province under Grant KKSY201203062.

Author information

Corresponding author

Correspondence to Zaihong Zhou.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, Z., Chen, X., Wang, J., Li, X. (2014). A Distributed Detection Scheme Based on Adaptive CUSUM and Weighted CAT Against DDoS Attacks. In: Farag, A., Yang, J., Jiao, F. (eds) Proceedings of the 3rd International Conference on Multimedia Technology (ICMT 2013). Lecture Notes in Electrical Engineering, vol 278. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41407-7_10

  • DOI: https://doi.org/10.1007/978-3-642-41407-7_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41406-0

  • Online ISBN: 978-3-642-41407-7

  • eBook Packages: Engineering (R0)