
DiCoTraM: A distributed and coordinated DDoS flooding attack tailored traffic monitoring

Zargar, ST and Joshi, J and Tipper, D (2014) DiCoTraM: A distributed and coordinated DDoS flooding attack tailored traffic monitoring. In: UNSPECIFIED.


Abstract

Success in detecting Distributed Denial of Service (DDoS) flooding attacks depends heavily on the quality and quantity of the flows covered by the traffic monitoring mechanism employed in a DDoS defense mechanism. In this paper, we propose DiCoTraM, a distributed and coordinated traffic monitoring mechanism tailored to DDoS flooding attacks. It centrally and periodically coordinates the monitoring responsibilities and distributes them among all the monitoring devices within each autonomous system (AS) while satisfying the monitoring devices' memory constraints. DiCoTraM monitors traffic flows in such a way that the flows intended for the same destination (possible network/transport level DDoS flooding attack flows) are analyzed together in the same monitoring device if that device has enough memory to cover those flows; hence, this can enable the distributed detection mechanisms in place to analyze the monitored flows. The enabled distributed detection reduces the communication overhead that is a problem in centralized detection mechanisms, which need to collect all the flows centrally for analysis. Moreover, the centralized coordination structure of DiCoTraM eliminates redundant flow monitoring among the routers. We simulate DiCoTraM and compare it with other traffic monitoring mechanisms in terms of the overall flow coverage and the DDoS flooding attack flow coverage. The experimental results show that DiCoTraM, compared to other monitoring mechanisms, covers more DDoS flooding attack flows and has reasonable overall flow coverage.



Details

Item Type: Conference or Workshop Item (UNSPECIFIED)
Status: Published
Creators/Authors:
Creators | Email | Pitt Username | ORCID
Zargar, ST | | |
Joshi, J | jjoshi@pitt.edu | JJOSHI | 0000-0003-4519-9802
Tipper, D | dtipper@pitt.edu | DTIPPER | 0000-0002-9429-6425
Date: 27 February 2014
Date Type: Publication
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Journal or Publication Title: Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration, IEEE IRI 2014
Page Range: 120 - 129
Event Type: Conference
DOI or Unique Handle: 10.1109/iri.2014.7051881
Institution: University of Pittsburgh
Schools and Programs: School of Information Sciences > Telecommunications
Refereed: Yes
ISBN: 9781479958801
Date Deposited: 30 Jun 2015 15:25
Last Modified: 30 Mar 2021 11:55
URI: http://d-scholarship.pitt.edu/id/eprint/25472
