An Integrated Victim-Based Approach Against IP Packet Flooding Denial of Service
In this paper, the authors designed a detection technique from a combination of three existing anomaly detection algorithms to detect attacks at the victim machine. The technique is a combination of the CUmulative SUM algorithm (CUSUM), the Source IP Monitoring algorithm (SIM), and the adaptive threshold algorithm. It is made up of parallel and sequential steps, whereby the CUSUM and SIM algorithms are designed to work in parallel, while the adaptive threshold algorithm is run if the results from the two (i.e., CUSUM and SIM) conflict. They used simulations to evaluate the performance of the proposed technique under various attack scenarios.
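The decision flow described above, sketched as an added example that is not the paper's code: CUSUM and SIM each judge an interval, and the adaptive threshold decides only when they disagree. The simplified detector internals, every parameter value (`k`, `h`, `new_ip_limit`, `alpha`, `beta`), the class and function names, and the traffic are assumptions constructed for illustration.

```python
# Added illustration; detector internals, parameters and traffic are constructed.
class VictimDetector:
    def __init__(self, known_ips, baseline, k=0.5, h=3.0,
                 new_ip_limit=0.5, alpha=1.0, beta=0.9):
        self.known = set(known_ips)       # SIM: sources seen in normal traffic
        self.mu = float(baseline)         # EWMA of packets per interval
        self.k, self.h = k, h             # CUSUM slack and alarm level
        self.new_ip_limit = new_ip_limit  # SIM: tolerated share of new sources
        self.alpha, self.beta = alpha, beta
        self.s = 0.0                      # CUSUM statistic

    def cusum(self, count):
        # Accumulate the normalised excess over (1 + k); never below zero.
        self.s = max(0.0, self.s + count / self.mu - (1.0 + self.k))
        return self.s > self.h

    def sim(self, sources):
        distinct = set(sources)
        if not distinct:
            return False
        return len(distinct - self.known) / len(distinct) > self.new_ip_limit

    def adaptive(self, count):
        return count > (1.0 + self.alpha) * self.mu

    def observe(self, sources):
        count = len(sources)
        c, s = self.cusum(count), self.sim(sources)     # the two parallel detectors
        attack = c if c == s else self.adaptive(count)  # tie-break on conflict
        if not attack:                    # learn only from traffic judged normal
            self.mu = self.beta * self.mu + (1 - self.beta) * count
            self.known |= set(sources)
        return {"cusum": c, "sim": s, "attack": attack}

def run_demo():
    known = [f"10.0.0.{i}" for i in range(1, 11)]
    intervals = [                                        # constructed traffic
        known,                                           # normal load
        known[:2] + [f"10.0.1.{i}" for i in range(6)],   # new visitors, low volume
        known * 5,                                       # burst from known sources
        [f"198.51.100.{i}" for i in range(60)],          # flood from unseen sources
    ]
    det = VictimDetector(known, baseline=10)
    return [det.observe(src) for src in intervals]

if __name__ == "__main__":
    for n, r in enumerate(run_demo(), 1):
        print(n, r)
```

The four constructed intervals cover every combination of the two parallel verdicts, so the second and third show the adaptive threshold resolving a conflict in each direction.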