Summary: Detecting DDoS Attacks on ISP Networks
Aditya Akella, Ashwin Bharambe, Mike Reiter, Srinivasan Seshan
Carnegie Mellon University
Abstract
Most past solutions for detecting denial of service attacks (and identifying
the perpetrators) have targeted endnode victims. However, little attention
has been given to this problem from an ISP perspective. This paper explores
the key challenges involved in helping an ISP network detect attacks on
itself or attacks on external sites which use the ISP network. We propose a
detection mechanism where each router detects traffic anomalies using
profiles of normal traffic constructed using stream sampling algorithms. In
addition, an ISP's routers exchange information with each other to increase
confidence in their detection decisions. Our initial results show that
individual router profiles capture key characteristics of the traffic
effectively and help identify anomalies with low false positive and false
negative rates. We believe that profile construction can be extremely
efficient, supporting even multigigabit speeds. We also believe that
incremental deployment of such techniques is possible, although it may
significantly impact the effectiveness of the dis