Date Added: Nov 2012
Detection and trace-back of Distributed Denial of Service (DDoS/DoS) attacks have become a challenge for network security. In this paper, the authors propose a lightweight cooperative detection framework (CCBFF) based on counting bloom filter to detect and trace DDoS/DoS attack online. The CCBFF contains 2 counting bloom filters CBF1 and CBF2. The CBF1 distinguishes different network connection topology of a router by the "Options" field of IP-V4, encodes the existing DDoS/DoS attacks and all connected device's addresses and stored them. By querying the CBF1, the CBF2 recognizes suspicious packets, accumulates them and sends out super alerts to the victim.