Abstract
Combating DDoS attacks at their sources is still in its infancy. In this paper, a nonparametric adaptive CUSUM (cumulative sum) method is presented, which is proven efficient in detecting SYN flooding attacks close to their sources. Different from other CUSUM methods, this new method has two distinct features: ➀ its detection threshold can adapt itself to various traffic conditions and ➁ it can timely detect the end of an attack within a required delay. Trace-driven simulations are conducted to validate the efficacy of this method in detecting SYN flooding attacks, and the results show that the nonparametric adaptive CUSUM method excels in detecting low-rate attacks.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
