Abstract
Hot-IPs, hosts that appear with high frequency in network traffic, pose many threats to systems, such as denial of service attacks and Internet worms. One of their main characteristics is that they send a large number of packets to victims in a short time. This paper presents a solution for finding Hot-IPs using a non-adaptive group testing approach. The proposed solution has been implemented in combination with a distributed architecture and parallel processing techniques to quickly detect Hot-IPs in ISP networks. The experimental results can be applied to detect Hot-IPs in ISP networks.
Highlights
Denial of Service attacks and Internet worms. In denial of service (DoS) or distributed denial of service (DDoS) attacks, attackers send a very large number of packets to victims in a very short time.
There are many methods to detect these risks on a network, most of which are based on intrusion detection system/intrusion prevention system (IDS/IPS) devices placed in front of servers to monitor, alert on, and drop harmful packets.
In the case of denial of service attacks [3] or network scanning, attackers send a lot of traffic to a destination in a short time.
Summary
In denial of service (DoS) or distributed denial of service (DDoS) attacks, attackers send a very large number of packets to victims in a very short time. The problem is how to quickly detect attackers and victims in denial of service attacks, and the sources of worms propagating in high-speed networks. Based on these results, administrators can quickly put solutions in place to prevent or redirect the attacks. Based on the IP traffic going through network devices, the source and destination IP addresses of every IP packet are monitored; addresses that appear with high frequency (Hot-IPs) may be a server that is being attacked. In the case of denial of service attacks [3] or network scanning, attackers send a lot of traffic to a destination in a short time.
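The non-adaptive group testing idea named in the abstract, as an added Python example that is not code from the paper. The matrix construction (polynomials over GF(11)), the monitored range 10.0.0.0/22, the m/(d+1) hot threshold, and all names and traffic are assumptions chosen for illustration.

```python
import ipaddress

Q, K = 11, 3                      # assumed: prime field size, coefficients per polynomial
D = (Q - 1) // (K - 1)            # the matrix is D-disjunct (here D = 5)
NET = ipaddress.ip_network("10.0.0.0/22")   # constructed range, 1024 <= Q**K hosts

def rows_for(index):
    """Tests (rows) that contain host `index`: its base-Q digits define a
    polynomial p over GF(Q), and the host is in row x*Q + p(x) for each x."""
    coeffs = [(index // Q**i) % Q for i in range(K)]
    return [x * Q + sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q
            for x in range(Q)]

class HotIPDetector:
    def __init__(self):
        self.counters = [0] * (Q * Q)   # 121 counters instead of one per host
        self.total = 0

    def observe(self, ip):
        index = int(ipaddress.ip_address(ip)) - int(NET.network_address)
        if not 0 <= index < NET.num_addresses:
            return                      # outside the monitored range
        self.total += 1
        for r in rows_for(index):
            self.counters[r] += 1

    def hot_ips(self):
        # A test is positive when its counter exceeds total/(D+1).
        threshold = self.total / (D + 1)
        positive = [c > threshold for c in self.counters]
        # Decoding: a host is reported only if every test containing it is positive.
        return [str(NET[i]) for i in range(NET.num_addresses)
                if all(positive[r] for r in rows_for(i))]

def demo():
    # Constructed traffic: one packet from every host, plus three heavy senders.
    hot = ["10.0.0.7", "10.0.1.200", "10.0.3.99"]
    packets = [str(ip) for ip in NET]
    for h in hot:
        packets += [h] * 2000
    det = HotIPDetector()
    for src in packets:
        det.observe(src)
    return det.hot_ips()

if __name__ == "__main__":
    print(demo())
```

A host sending more than total/(D+1) packets makes all of its tests positive, so it is never missed; heavy background traffic can still produce false positives, which this sketch does not filter.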