Statistical Detection for Network Flooding Attacks

Abstract

In order to meet the high demands of network availability and reliability, today’s IDS (Intrusion Detecting System) is often constructed in major portal to protect the managed network from attacks. Generally, current IDS use the pattern matching method as the primary scheme to detect attacks. However, after integrating IDS into router, the pattern matching method may cause extreme computing load to router which deviates working correctly, even crashing, when under attacking. In this research, the analysis of network traffic variation is combined with the pattern matching method for decreasing the load arose from the attached IDS of the router. In addition, an overall monitoring system is designed to cooperate with the backbone routers which equipped our attack detecting mechanism. Network managers can not only realize an occurrence of an attack but also where the attack passes through the network by using this system. Besides, the firewall would be also built into the router which can be started by managers to provide first line protection after an attack is detected.