Sliding-mode observers for real-time DDoS detection

F. Han, Long Xu, Xinghuo Yu, Z. Tari, Yong Feng, Jiankun Hu
Published in: 2016 IEEE 11th Conference on Industrial Electronics and Applications (ICIEA)
Publication date: 2016-06-05
DOI: 10.1109/ICIEA.2016.7603695 (https://doi.org/10.1109/ICIEA.2016.7603695)
Citations: 4

Abstract

This paper proposes a sliding-mode observer for real-time DDoS detection on network routers, which will be used for connection-oriented services. The developed observers estimate the traffics going through the routers and identify those connections without the following-up packets based on the real-time queue length information inside the routers. These identified traffics are suspicious DDoS attacks which are considered as disturbance in the simplified TCP/IP model of the router. With the observers in use, when DDoS attacks are launched, it has an abrupt change in the disturbance component which could be recognized easily. The proposed observer-based DDoS detection could be installed inside the routers associated with the firewalls. The web server has an overall picture of the entire system, based on which the priority service could be implemented. As a result, the suspicious anomalous could be ranked as the lowest priority for processing and may lead to deep investigation to those suspicious traffics. This proposed mechanism makes optimal use of resource at the bottleneck links to ensure the diverse QoS requirements for high security applications that require real-time DDoS detection. NS-2 simulation results validate the effectiveness of the proposed method.