Abstract

DDoS (Distributed Denial of Service) is a kind of attack that poses a serious threat to network security. DDoS traffic consumes so much bandwidth that normal Internet services are disabled. This paper designs a DDoS Monitor based on flow analysis to detect DDoS traffic; an alert is raised if DDoS is detected. Flow records are useful for understanding network behavior, and DDoS Monitor obtains rate information by analyzing them. Initially, DDoS Monitor runs in training mode, in which flow records are used as training data to generate thresholds. It then switches to detection mode, in which it detects DDoS by checking whether the thresholds are exceeded. Experiments on a large flow data set from an ISP network showed that DDoS Monitor effectively detected abnormal traffic through flow analysis.
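
An added sketch of the training-then-detection flow the abstract describes; it is not the paper's code. The flow-record fields, the 60-second window, per-destination aggregation and the mean + k·stddev threshold rule are all assumptions, since the abstract does not specify them.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (start_second, dst_ip, packets, bytes).
# Layout and values are illustrative assumptions, not taken from the paper.
TRAINING_FLOWS = [
    (w * 60 + i, dst, 100 + 10 * (w % 3), 60000 + 6000 * (w % 3))
    for w in range(6) for i in range(5)
    for dst in ("192.0.2.10", "192.0.2.20")
]
# Normal traffic to one host, plus many tiny flows to another (small-packet flood).
DETECTION_FLOWS = (
    [(i, "192.0.2.10", 110, 66000) for i in range(5)]
    + [(60 + i % 60, "192.0.2.20", 3, 120) for i in range(400)]
)

def rates_per_window(flows, window=60):
    """Aggregate flows into per-(window, destination) packet and byte rates."""
    agg = defaultdict(lambda: [0, 0])
    for ts, dst, pkts, byts in flows:
        bucket = agg[(ts // window, dst)]
        bucket[0] += pkts
        bucket[1] += byts
    return {key: (p / window, b / window) for key, (p, b) in agg.items()}

def train(flows, window=60, k=3.0):
    """Training mode: thresholds = mean + k * stddev of observed rates (assumed rule)."""
    rates = list(rates_per_window(flows, window).values())
    pps = [r[0] for r in rates]
    bps = [r[1] for r in rates]
    return {"pps": mean(pps) + k * pstdev(pps),
            "bps": mean(bps) + k * pstdev(bps)}

def detect(flows, thresholds, window=60):
    """Detection mode: alert on every (window, destination) exceeding a threshold."""
    alerts = []
    for (win, dst), (pps, bps) in sorted(rates_per_window(flows, window).items()):
        exceeded = [name for name, value in (("pps", pps), ("bps", bps))
                    if value > thresholds[name]]
        if exceeded:
            alerts.append((win * window, dst, exceeded))
    return alerts

if __name__ == "__main__":
    thresholds = train(TRAINING_FLOWS)
    print("thresholds:", thresholds)
    for start, dst, metrics in detect(DETECTION_FLOWS, thresholds):
        print(f"ALERT window@{start}s dst={dst} exceeded={metrics}")
```

In the constructed data the flood trips only the packet-rate threshold, which is why the sketch tracks packet and byte rates separately: a byte-rate threshold alone would miss a small-packet flood.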
