
Towards Coordinated, Network-Wide Traffic Monitoring for Early Detection of DDoS Flooding Attacks

Taghavi Zargar, Saman (2014) Towards Coordinated, Network-Wide Traffic Monitoring for Early Detection of DDoS Flooding Attacks. Doctoral Dissertation, University of Pittsburgh. (Unpublished)



DDoS flooding attacks are one of the biggest concerns for security professionals and they are typically explicit attempts to disrupt legitimate users' access to services. Developing a comprehensive defense mechanism against such attacks requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various such attacks.

In this thesis, we dig into the problem of DDoS flooding attacks from four directions. (1) We study the origin of these attacks, their variations, and various existing defense mechanisms against them. Our literature review gives insight into a list of key required features for the next generation of DDoS flooding defense mechanisms. The most important requirement on this list is to see more distributed DDoS flooding defense mechanisms in the near future. (2) In such systems, success in detecting DDoS flooding attacks earlier and in a distributed fashion is highly dependent on the quality and quantity of the traffic flows that are covered by the employed traffic monitoring mechanisms. This motivates us to study and understand the challenges of existing traffic monitoring mechanisms. (3) We propose a novel distributed, coordinated, network-wide traffic monitoring (DiCoTraM) approach that addresses the key challenges of current traffic monitoring mechanisms. DiCoTraM enhances flow coverage to enable effective, early detection of DDoS flooding attacks. We compare and evaluate the performance of DiCoTraM with various other traffic monitoring mechanisms in terms of their total flow coverage and DDoS flooding attack flow coverage. (4) We evaluate the effectiveness of DiCoTraM against cSamp, an existing traffic monitoring mechanism that outperforms most other traffic monitoring mechanisms, with regard to supporting early detection of DDoS flooding attacks (i.e., at the intermediate network) by employing two existing DDoS flooding detection mechanisms over them. We then compare the effectiveness of DiCoTraM with that of cSamp by comparing the detection rates and false positive rates achieved when the selected detection mechanisms are employed over DiCoTraM and cSamp. The results show that DiCoTraM outperforms other traffic monitoring mechanisms in terms of DDoS flooding attack flow coverage.




Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators:
Taghavi Zargar, Saman (Email: stzargar@sis.pitt.edu; Pitt Username: SAT47)
ETD Committee:
Committee Chair: Joshi, James B.D. (Email: jjoshi@sis.pitt.edu; Pitt Username: JJOSHI)
Committee CoChair: Tipper, David (Email: tipper@tele.pitt.edu; Pitt Username: DTIPPER)
Committee Member: Krishnamurthy, Prashant (Email: prashk@pitt.edu; Pitt Username: PRASHK)
Committee Member: Pelechrinis, Konstantinos (Email: kpele@pitt.edu; Pitt Username: KPELE)
Committee Member: Qian,
Date: 30 June 2014
Date Type: Publication
Defense Date: 3 June 2014
Approval Date: 30 June 2014
Submission Date: 27 June 2014
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 145
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Telecommunications
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: DDoS flooding attacks, DDoS flooding attack tailored traffic monitoring, DDoS flooding defense, coordinated traffic monitoring, network-wide traffic monitoring, network management, software defined monitoring
Related URLs:
Date Deposited: 30 Jun 2014 20:33
Last Modified: 19 Dec 2016 14:41

