ISR News Story
Detecting DDoS Attacks in Stub Domains (ISR IP)
ISR intellectual property available to license
Researchers at University of Maryland have come up with an innovative technique for detecting "Distributed Denial of Service (DDoS)" attacks without changing the existing routing infrastructure. This new detection system (using TCP packets) has several advantages over currently existing technology in terms of:
Inventors have performed extensive packet level simulations under different attack scenarios. Observations are listed below:
1. Detect attack flows that are one-third the intensity of an average flow of in the network.
Researchers have even extended this detection technique to detect subnet attacks and were successful in detecting attacks that target hosts in large subnets and in the presence of non-attack traffic to other hosts in the subnet. The experiments conducted for single domain networks revealed that the scheme can detect attacks with aggregate flow intensity equal to the average flow in the network in less than a minute. The experiments for multi-domain stub networks demonstrated that the scheme detects attacks even when the network has four gateways and when up to 50% of flows are asymmetric.
For more information
ISR-IP-Shayman ISR-IP-La ISR-IP-security
June 22, 2007