VicSifter: A collaborative DDoS detection system with lightweight victim identification

Fei Wang; Xiaofeng Wang; Jinshu Su; Bin Xiao

doi:10.1109/TrustCom.2012.295

VicSifter: A collaborative DDoS detection system with lightweight victim identification

Fei Wang, Xiaofeng Wang, Jinshu Su, Bin Xiao

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

11 Citations (Scopus)

Abstract

Flooding based Distributed Denial of Service (DDoS) attacks can cause very serious security problem by exhausting computing and bandwidth resources of victims. To mitigate these destructive attacks, it is crucially important to detect the occurrence of DDoS attacks and identify their targets as early as possible. In this paper, we propose a collaborative DDoS detection system, called VicSifter, which can detect ongoing DDoS attacks and identify victims at an early stage with good scalability and low overhead. VicSifter is deployed over multiple nodes with two kinds of functions: local anomaly detection and collaborative victim identification. The anomaly detection method is performed locally and is lightweight to save computation by measuring passing packets in a sketch. The collaborative victim identification is triggered only when a local anomaly is detected by employing our distinctive elimination mechanism. The mechanism can significantly reduce the number of packets to be processed by each node, making our system scalable for high-speed network links. We evaluate the performance of VicSifter by using real-world data traffic, mixing the real DDoS attack traces with captured campus gateway traffic. The results show that our system has high accuracy in the early detection of DDoS attacks and timely identification of targeted victims. Our system can outperform other existing methods with less space requirement, and thus achieving good system scalability.

Original language	English
Title of host publication	Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012
Pages	215-222
Number of pages	8
DOIs	https://doi.org/10.1109/TrustCom.2012.295
Publication status	Published - 5 Nov 2012
Event	11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - Liverpool, United Kingdom Duration: 25 Jun 2012 → 27 Jun 2012

Conference

Conference	11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012
Country/Territory	United Kingdom
City	Liverpool
Period	25/06/12 → 27/06/12

Keywords

collaborative detection
DDoS attacks
lightweight
victim identification

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications

More information

10.1109/TrustCom.2012.295

Cite this

Wang, F., Wang, X., Su, J., & Xiao, B. (2012). VicSifter: A collaborative DDoS detection system with lightweight victim identification. In Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (pp. 215-222). Article 6295978 https://doi.org/10.1109/TrustCom.2012.295

@inproceedings{470d374039314a8f9058861aa9ccb4dc,

title = "VicSifter: A collaborative DDoS detection system with lightweight victim identification",

abstract = "Flooding based Distributed Denial of Service (DDoS) attacks can cause very serious security problem by exhausting computing and bandwidth resources of victims. To mitigate these destructive attacks, it is crucially important to detect the occurrence of DDoS attacks and identify their targets as early as possible. In this paper, we propose a collaborative DDoS detection system, called VicSifter, which can detect ongoing DDoS attacks and identify victims at an early stage with good scalability and low overhead. VicSifter is deployed over multiple nodes with two kinds of functions: local anomaly detection and collaborative victim identification. The anomaly detection method is performed locally and is lightweight to save computation by measuring passing packets in a sketch. The collaborative victim identification is triggered only when a local anomaly is detected by employing our distinctive elimination mechanism. The mechanism can significantly reduce the number of packets to be processed by each node, making our system scalable for high-speed network links. We evaluate the performance of VicSifter by using real-world data traffic, mixing the real DDoS attack traces with captured campus gateway traffic. The results show that our system has high accuracy in the early detection of DDoS attacks and timely identification of targeted victims. Our system can outperform other existing methods with less space requirement, and thus achieving good system scalability.",

keywords = "collaborative detection, DDoS attacks, lightweight, victim identification",

author = "Fei Wang and Xiaofeng Wang and Jinshu Su and Bin Xiao",

year = "2012",

month = nov,

day = "5",

doi = "10.1109/TrustCom.2012.295",

language = "English",

isbn = "9780769547459",

pages = "215--222",

booktitle = "Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012",

note = "11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 ; Conference date: 25-06-2012 Through 27-06-2012",

}

Wang, F, Wang, X, Su, J & Xiao, B 2012, VicSifter: A collaborative DDoS detection system with lightweight victim identification. in Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012., 6295978, pp. 215-222, 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012, Liverpool, United Kingdom, 25/06/12. https://doi.org/10.1109/TrustCom.2012.295

VicSifter: A collaborative DDoS detection system with lightweight victim identification. / Wang, Fei; Wang, Xiaofeng; Su, Jinshu et al.
Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012. 2012. p. 215-222 6295978.

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - VicSifter: A collaborative DDoS detection system with lightweight victim identification

AU - Wang, Fei

AU - Wang, Xiaofeng

AU - Su, Jinshu

AU - Xiao, Bin

PY - 2012/11/5

Y1 - 2012/11/5

N2 - Flooding based Distributed Denial of Service (DDoS) attacks can cause very serious security problem by exhausting computing and bandwidth resources of victims. To mitigate these destructive attacks, it is crucially important to detect the occurrence of DDoS attacks and identify their targets as early as possible. In this paper, we propose a collaborative DDoS detection system, called VicSifter, which can detect ongoing DDoS attacks and identify victims at an early stage with good scalability and low overhead. VicSifter is deployed over multiple nodes with two kinds of functions: local anomaly detection and collaborative victim identification. The anomaly detection method is performed locally and is lightweight to save computation by measuring passing packets in a sketch. The collaborative victim identification is triggered only when a local anomaly is detected by employing our distinctive elimination mechanism. The mechanism can significantly reduce the number of packets to be processed by each node, making our system scalable for high-speed network links. We evaluate the performance of VicSifter by using real-world data traffic, mixing the real DDoS attack traces with captured campus gateway traffic. The results show that our system has high accuracy in the early detection of DDoS attacks and timely identification of targeted victims. Our system can outperform other existing methods with less space requirement, and thus achieving good system scalability.

AB - Flooding based Distributed Denial of Service (DDoS) attacks can cause very serious security problem by exhausting computing and bandwidth resources of victims. To mitigate these destructive attacks, it is crucially important to detect the occurrence of DDoS attacks and identify their targets as early as possible. In this paper, we propose a collaborative DDoS detection system, called VicSifter, which can detect ongoing DDoS attacks and identify victims at an early stage with good scalability and low overhead. VicSifter is deployed over multiple nodes with two kinds of functions: local anomaly detection and collaborative victim identification. The anomaly detection method is performed locally and is lightweight to save computation by measuring passing packets in a sketch. The collaborative victim identification is triggered only when a local anomaly is detected by employing our distinctive elimination mechanism. The mechanism can significantly reduce the number of packets to be processed by each node, making our system scalable for high-speed network links. We evaluate the performance of VicSifter by using real-world data traffic, mixing the real DDoS attack traces with captured campus gateway traffic. The results show that our system has high accuracy in the early detection of DDoS attacks and timely identification of targeted victims. Our system can outperform other existing methods with less space requirement, and thus achieving good system scalability.

KW - collaborative detection

KW - DDoS attacks

KW - lightweight

KW - victim identification

UR - http://www.scopus.com/inward/record.url?scp=84868098039&partnerID=8YFLogxK

U2 - 10.1109/TrustCom.2012.295

DO - 10.1109/TrustCom.2012.295

M3 - Conference article published in proceeding or book

SN - 9780769547459

SP - 215

EP - 222

BT - Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012

T2 - 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012

Y2 - 25 June 2012 through 27 June 2012

ER -

Wang F, Wang X, Su J, Xiao B. VicSifter: A collaborative DDoS detection system with lightweight victim identification. In Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012. 2012. p. 215-222. 6295978 doi: 10.1109/TrustCom.2012.295

VicSifter: A collaborative DDoS detection system with lightweight victim identification

Abstract

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this