A Scalable DDoS Detection Framework With Victim Pinpoint Capability
In recent years, various intrusion detection and prevention systems have been proposed to detect DDoS attacks and mitigate the damage they cause. However, many existing IDSs still keep per-flow state to detect anomalies, and thus do not scale with link speeds in multi-gigabit networks. In this paper, the authors present a two-level approach for scalable and accurate DDoS attack detection that exploits the asymmetry in the attack traffic. At the coarse level, they use a Modified Count-min Sketch (MCS) for fast detection, and at the fine level, they propose a Bidirectional Count Sketch (BCS) to achieve better accuracy.
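To illustrate how a sketch replaces per-flow state when looking for traffic asymmetry, the following added example (not the paper's MCS or BCS, and not code from the authors) uses two plain count-min sketches keyed by address. The class names, the threshold, the received-minus-sent heuristic and the sample trace are assumptions constructed for this illustration.

```python
import hashlib

class CountMin:
    """Plain count-min sketch (not the paper's MCS): fixed memory, no per-flow state."""
    def __init__(self, width=1024, depth=4):
        self.width, self.depth = width, depth
        self.rows = [[0] * width for _ in range(depth)]

    def _slots(self, key):
        # One hash per row, derived by salting BLAKE2b with the row index.
        for r in range(self.depth):
            d = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([r])).digest()
            yield r, int.from_bytes(d, "big") % self.width

    def add(self, key):
        for r, c in self._slots(key):
            self.rows[r][c] += 1

    def estimate(self, key):
        # Collisions only inflate counters, so the minimum is the tightest estimate.
        return min(self.rows[r][c] for r, c in self._slots(key))

class AsymmetryDetector:
    """Flags addresses that receive far more packets than they send (assumed heuristic)."""
    def __init__(self, threshold):
        self.received, self.sent = CountMin(), CountMin()
        self.threshold = threshold
        self.suspects = set()  # only flagged addresses are stored by name

    def asymmetry(self, host):
        return self.received.estimate(host) - self.sent.estimate(host)

    def observe(self, src, dst):
        self.sent.add(src)
        self.received.add(dst)
        if self.asymmetry(dst) > self.threshold:
            self.suspects.add(dst)

def run_constructed_trace():
    det = AsymmetryDetector(threshold=100)
    for _ in range(200):  # constructed normal traffic: request/reply pairs
        det.observe("192.0.2.10", "198.51.100.5")
        det.observe("198.51.100.5", "192.0.2.10")
    for i in range(500):  # constructed flood from spoofed sources
        det.observe(f"203.0.113.{i % 250}", "198.51.100.9")
        if i % 100 == 0:  # the victim manages only a few replies
            det.observe("198.51.100.9", f"203.0.113.{i % 250}")
    return det

if __name__ == "__main__":
    print(run_constructed_trace().suspects)
```

Memory stays at two tables of depth times width counters regardless of how many flows cross the link; only addresses that exceed the threshold are recorded by name.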