• May 27, 2016 News!The submission for Special Issue is officially open now!   [Click]
  • May 03, 2016 News!Vol.6, No.6 has been indexed by EI (Inspec).   [Click]
  • Mar 17, 2017 News!Vol.9, No.2 has been published with online version. 13 peer reviewed articles from 4 specific areas are published in this issue.   [Click]
General Information
Editor-in-chief
Prof. Wael Badawy
Department of Computing and Information Systems Umm Al Qura University, Canada
I'm happy to take on the position of editor in chief of IJCTE. We encourage authors to submit papers concerning any branch of computer theory and engineering.
IJCTE 2009 Vol.1(1): 71-80 ISSN: 1793-8201
DOI: 10.7763/IJCTE.2009.V1.12

Dynamic and Auto Responsive Solution for Distributed Denial-of-Service Attacks Detectionin ISP Network

B. B. Gupta, R. C. Joshi and Manoj Misra

Abstract—Denial of service (DoS) attacks and more particularly the distributed ones (DDoS) are one of the lates tthreat and pose a grave danger to users, organizations and infrastructures of the Internet. Several schemes have been proposed on how to detect some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. This paper reports the design principles and evaluation results of our proposed framework that autonomously detects and accurately characterizes a wide range of flooding DDoS attacks in ISP network. Attacks are detected by the constant monitoring of propagation of abrupt traffic changes inside ISP network. For this, a newly designed flow-volume based approach (FVBA) is used to construct profile of the traffic normally seen in the network, and identify anomalies whenever traffic goes out of profile. Consideration of varying tolerance factors make proposed detection system scalable to the varying network conditions and attack loads in real time. Six-sigma method is used to identify threshold values accurately for malicious flows characterization. FVBA has been extensively evaluated in a controlled test-bed environment. Detection thresholds and efficiency is justified using receiver operating characteristics(ROC) curve. For validation, KDD 99, a publicly available bench mark dataset is used. The results show that our proposed system gives a drastic improvement in terms of detection and false alarm rate.

Index Terms—Distributed Denial of Service Attacks, False Positives, False Negatives, ISP Network, Network Security

B. B. Gupta is with the Department of Electronics & Computer Engg., Indian Institute of Technology, Roorkee, 247667 India. (phone:+91-9927713132).
R. C. Joshi is with the Department of Electronics & Computer Engg., Indian Institute of Technology, Roorkee, 247667 India.
Manoj Misra is with the Department of Electronics & Computer Engg., Indian Institute of Technology, Roorkee, 247667 India.

[PDF]

Cite: B. B. Gupta, R. C. Joshi and Manoj Misra, "Dynamic and Auto Responsive Solution for Distributed Denial-of-Service Attacks Detection in ISP Network," International Journal of Computer Theory and Engineering vol. 1, no. 1, pp. 71-80, 2009.

Copyright © 2008-2015. International Journal of Computer Theory and Engineering. All rights reserved.
E-mail: ijcte@vip.163.com