A Scalable DDoS Detection Framework With Victim Pinpoint Capability

Date Added: Dec 2011
Format: PDF

In recent years, various intrusion detection and prevention systems have been proposed to detect DDoS attacks and mitigate the resulting damage. However, many existing IDSs still keep per-flow state to detect anomalies, and thus do not scale with link speeds in multi-gigabit networks. In this paper, the authors present a two-level approach for scalable and accurate DDoS attack detection that exploits the asymmetry in the attack traffic. At the coarse level, they use a Modified Count-min Sketch (MCS) for fast detection, and at the fine level, they propose a Bidirectional Count Sketch (BCS) to achieve better accuracy.