Destination Address Monitoring Scheme for Detecting DDoS Attack in Centralized Control Network

As DDoS (distributed denial of service) attacks become more diversified, conventional detection methods based on a single source router cannot detect them efficiently. To address this problem, centralized control is required to collect and analyze the traffic generated at several source routers. This paper presents a defense/detection scenario to protect against DDoS attacks in a centralized control network. A destination address monitoring scheme is also proposed to detect DDoS attacks in real time. It measures the number of packets with the same destination IP address by using a modified Bloom filter. Because the modified Bloom filter uses an extra table that manages the relation among the address fields of the destination IP address, it can reduce the wrong detection rate. Simulation results show that the proposed scheme reduces the wrong detection rate compared with the conventional one.
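
The following added example (not code from the paper) illustrates why counting destination-address fields independently produces wrong detections and how a table relating the fields can suppress them. The abstract does not give the filter's structure, so both classes are assumptions: `FieldCounterFilter` keeps one counter per address octet, `RelationFilter` adds a hypothetical table of adjacent octet pairs, and the threshold and traffic are constructed.

```python
from collections import Counter

THRESHOLD = 500  # assumed per-interval packet threshold for flagging a destination


class FieldCounterFilter:
    """Assumed conventional scheme: one counter table per destination-address octet."""

    def __init__(self):
        self.fields = Counter()  # (octet position, octet value) -> packets seen

    def add(self, dst, packets=1):
        for pos, val in enumerate(dst.split(".")):
            self.fields[(pos, val)] += packets

    def estimate(self, dst):
        # Upper bound on packets sent to dst: the smallest of its four octet counters.
        return min(self.fields[(pos, val)] for pos, val in enumerate(dst.split(".")))


class RelationFilter(FieldCounterFilter):
    """Hypothetical modification: an extra table counting adjacent octet pairs."""

    def __init__(self):
        super().__init__()
        self.pairs = Counter()  # (position, octet, next octet) -> packets seen

    def add(self, dst, packets=1):
        super().add(dst, packets)
        o = dst.split(".")
        for pos in range(3):
            self.pairs[(pos, o[pos], o[pos + 1])] += packets

    def estimate(self, dst):
        o = dst.split(".")
        pair_min = min(self.pairs[(pos, o[pos], o[pos + 1])] for pos in range(3))
        return min(super().estimate(dst), pair_min)


def constructed_traffic():
    # Constructed sample: six destinations, 200 packets each, none above THRESHOLD.
    busy = ["10.0.1.11", "10.0.1.12", "10.0.1.13", "10.0.2.7", "10.0.3.7", "10.0.4.7"]
    return [(dst, 200) for dst in busy]


def flagged(filter_cls, candidates):
    f = filter_cls()
    for dst, packets in constructed_traffic():
        f.add(dst, packets)
    return [dst for dst in candidates if f.estimate(dst) > THRESHOLD]
```

With this traffic, the per-octet filter flags `10.0.1.7`, an address that received no packets, because its third and fourth octets are each shared by three moderately busy destinations; the pair table sees that the combination `1.7` never occurred and does not flag it.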
