Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System


The KIPS Transactions:PartC, Vol. 16, No. 1, pp. 13-20, Feb. 2009
DOI: 10.3745/KIPSTC.2009.16.1.13

Abstract

Recently, as traffic flooding attacks such as DoS/DDoS and Internet worms have posed devastating threats to network services, rapid detection and proper response mechanisms have become a major concern for secure and reliable network services. However, most current Intrusion Detection Systems (IDSs) focus on detailed analysis of packet data, which results in late detection and a high system burden when coping with high-speed network traffic. In this paper we propose an SNMP-based lightweight and fast detection algorithm for traffic flooding attacks, which minimizes the processing and network overhead of the detection system, minimizes the detection time, and provides a high detection rate. The attack detection algorithm consists of three consecutive stages. The first stage determines the detection timing using the update interval of the SNMP MIB. The second stage analyzes attack symptoms based on correlations of MIB data. The third stage determines whether an attack has occurred and, if so, identifies the attack type.



Cite this article
[IEEE Style]
J. S. Park, S. Y. Kim, D. H. Park, M. J. Choi, M. S. Kim, "Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System," The KIPS Transactions:PartC, vol. 16, no. 1, pp. 13-20, 2009. DOI: 10.3745/KIPSTC.2009.16.1.13.

[ACM Style]
Jun Sang Park, Sung Yun Kim, Dai Hee Park, Mi Jung Choi, and Myung Sup Kim. 2009. Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System. The KIPS Transactions:PartC, 16, 1, (2009), 13-20. DOI: 10.3745/KIPSTC.2009.16.1.13.