%0 Conference Proceedings
%T High Performance DDoS Attack Detection System Based on Distribution Statistics
%+ Cluster and Grid Computing Lab
%A Xie, Xia
%A Li, Jinpeng
%A Hu, Xiaoyang
%A Jin, Hai
%A Chen, Hanhua
%A Ma, Xiaojing
%A Huang, Hong
%Z Part 4: Big Data+Cloud
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 16th IFIP International Conference on Network and Parallel Computing (NPC)
%C Hohhot, China
%Y Xiaoxin Tang
%Y Quan Chen
%Y Pradip Bose
%Y Weiming Zheng
%Y Jean-Luc Gaudiot
%I Springer International Publishing
%3 Network and Parallel Computing
%V LNCS-11783
%P 132-142
%8 2019-08-23
%D 2019
%R 10.1007/978-3-030-30709-7_11
%K DDoS attack
%K Intrusion prevention system
%K Sketch data structure
%K Real-time
%Z Computer Science [cs]Conference papers
%X Nowadays, web servers often face the threat of distributed denial of service attacks and their intrusion prevention systems cannot detect those attacks effectively. Many existing intrusion prevention systems detect attacks by the state of per-flow and current processing speed cannot fulfill the requirements of real-time detection due to the high speed traffic. In this paper, we propose a powerful system TreeSketchShield which can improve sketch data structure and detect attacks quickly. First, we discuss a novel structure TreeSketch to obtain statistics of network flow, which utilizes the stepped structure of binary tree to map the distribution and reduces the complexity of the statistic calculation. Second, we present a two-level detection scheme that could make a compromise between the detection speed and detection accuracy. Experimental results show that our method can process more than 100,000 records per second. The false alarm rate can achieve 2% to 25% performance improvement.
%G English
%Z TC 10
%Z WG 10.3
%2 https://inria.hal.science/hal-03770528/document
%2 https://inria.hal.science/hal-03770528/file/486810_1_En_11_Chapter.pdf
%L hal-03770528
%U https://inria.hal.science/hal-03770528
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC10
%~ IFIP-NPC
%~ IFIP-WG10-3
%~ IFIP-LNCS-11783