VicSifter: A collaborative DDoS detection system with lightweight victim identification

Fei Wang, Xiaofeng Wang, Jinshu Su, Bin Xiao

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

10 Citations (Scopus)

Abstract

Flooding-based Distributed Denial of Service (DDoS) attacks can cause very serious security problems by exhausting the computing and bandwidth resources of victims. To mitigate these destructive attacks, it is crucially important to detect the occurrence of DDoS attacks and identify their targets as early as possible. In this paper, we propose a collaborative DDoS detection system, called VicSifter, which can detect ongoing DDoS attacks and identify victims at an early stage with good scalability and low overhead. VicSifter is deployed over multiple nodes with two kinds of functions: local anomaly detection and collaborative victim identification. The anomaly detection method is performed locally and is lightweight to save computation by measuring passing packets in a sketch. The collaborative victim identification is triggered only when a local anomaly is detected by employing our distinctive elimination mechanism. The mechanism can significantly reduce the number of packets to be processed by each node, making our system scalable for high-speed network links. We evaluate the performance of VicSifter by using real-world data traffic, mixing the real DDoS attack traces with captured campus gateway traffic. The results show that our system has high accuracy in the early detection of DDoS attacks and timely identification of targeted victims. Our system can outperform other existing methods with a smaller space requirement, thus achieving good system scalability.
Original language: English
Title of host publication: Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012
Pages: 215-222
Number of pages: 8
Publication status: Published - 5 Nov 2012
Event: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - Liverpool, United Kingdom
Duration: 25 Jun 2012 - 27 Jun 2012

Conference

Conference: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012
Country: United Kingdom
City: Liverpool
Period: 25/06/12 - 27/06/12

Keywords

  • collaborative detection
  • DDoS attacks
  • lightweight
  • victim identification

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
