Title: System for DDoS attack mitigation by discovering the attack vectors through statistical traffic analysis
Authors: Mircho Jordanov Mirchev; Seferin Todorov Mirtchev
Addresses: Faculty of Telecommunications, Technical University of Sofia, 8 Kl. Ohridski Blvd, 1000 Sofia, Bulgaria; Faculty of Telecommunications, Technical University of Sofia, 8 Kl. Ohridski Blvd, 1000 Sofia, Bulgaria
Abstract: DDoS attacks are becoming an increasing threat to the internet due to the easy availability of user-friendly attack tools. In the meantime, defending against such attacks is very difficult, because it is very hard to differentiate between legitimate traffic and attack traffic and also to keep the attacked service accessible while under attack. This paper describes a method for discovering the vector of a DDoS attack using statistical traffic analysis. The discussed methods are based on having a notification of the attack and making a statistical analysis of the attack traffic to find the vector, and on profiling a statistical baseline of normal traffic and discovering abnormal traffic as a difference between the statistical parameters of TCP/IP packets at a given moment and the baseline, thus making a decision about the attack and its vector simultaneously.
Keywords: distributed denial-of-service; DDoS attack; vector of attack; statistical analysis; IP network security.
International Journal of Information and Computer Security, 2020 Vol.13 No.3/4, pp.309 - 321
Received: 24 Feb 2018
Accepted: 26 Feb 2018
Published online: 06 May 2020