Statistical signatures for early detection of flooding denial-of service attacks

Abstract

A major threat to the information economy is denial-of-service attacks. Despite the widespread deployment of perimeter model countermeasures these attacks are highly prevalent. Therefore a new approach is posited; early detection. This paper posits an approach that utilises statistical signatures at the router to provide early detection of flooding denial-of-service attacks. The advantages of the approach presented in this paper are threefold: analysing fewer packets reduces computational load on the defence mechanism; no state information is required about the systems under protection; and alerts may span many attack packets. Thus, the defence mechanism may be placed within the routing infrastructure to prevent malicious packets from reaching their intended victim in the first place. This paper presents an overview of the early detection-enabled router algorithm and case study results. Copyright © 2005 by International Federation for Information Processing.