Academic Journals Database
Disseminating quality controlled scientific knowledge

A Novel Distributed Detection Scheme against DDoS Attack

Author(s): Zaihong Zhou | Dongqing Xie | Wei Xiong

Journal: Journal of Networks
ISSN 1796-2056

Volume: 4
Issue: 9
Start page: 921
Date: 2009

Keywords: DDoS Attack | Distributed Detection | CUSUM Algorithm | Similarity | P2P

ABSTRACT
A novel detection scheme against DDoS attacks is proposed from a distributed perspective. Distributed end-hosts in the Internet are organized into a P2P network using the Chord protocol for detection. A detection algorithm based on CUSUM and space similarity is deployed at each node in the P2P detection network. Adopting a P2P-based detection network allows the scheme to scale to a large number of detection nodes. CUSUM-based detection at the end-host can detect slight changes at the host. It thus implements early detection of DDoS attacks and relieves the detection burden at the victim end. It can also prevent a DDoS attack from forging and randomly changing the IP address, so it can locate the real attack hosts. Node trust is introduced for broadcasting abnormality information, which prevents network congestion caused by malicious broadcasts from malicious nodes. Abnormality detection among nodes based on space similarity improves detection accuracy. The experimental results indicate that the proposed scheme performs better than the CUSUM and time similarity algorithms deployed individually. It can reach a detection rate as high as 96.1% with a false positive rate of only 6.9%. This P2P-based scheme can also be applied to resolve the communication problem in other distributed application systems.