Router-based detection of DoS and DDoS attacks

Computer intrusion and attack detection has always been a significant issue in networked environments. In most cases, there are two levels in which an intrusion may take place, namely the system level and the network level. This paper discusses an algorithm to protect from a specific kind of network-based attacks called Denial of Service and Distributed Denial of Service attacks, based on data provided from Cisco [1] routers running the NetFlow [2] accounting software.