Classification of UDP Traffic for DDoS Detection

Authors: 

Alexandru G. Bardas, Loai Zomlot, Sathya Chandran Sundaramurthy, and Xinming Ou, Kansas State University; S. Raj Rajagopalan, HP Labs; Marc R. Eisenbarth, HP TippingPoint

Abstract: 

UDP traffic has recently been used extensively in flooding-based distributed denial of service (DDoS) attacks, most notably by those launched by the Anonymous group. Despite extensive past research in the general area of DDoS detection/prevention, the industry still lacks effective tools to deal with DDoS attacks leveraging UDP traffic. This paper presents our investigation into the proportional-packet rate assumption, and the use of this criterion to classify UDP traffic with the goal of detecting malicious addresses that launch flooding-based UDP DDoS attacks. We conducted our experiments on data from a large number of production networks including large corporations (edge and core), ISPs, universities, financial institutions, etc. In addition, we also conducted experiments on the DETER testbed as well as a testbed of our own. All the experiments indicate that the proportional-packet rate assumption generally holds for benign UDP traffic and can be used as a reasonable criterion to differentiate DDoS and non-DDoS traffic. We designed and implemented a prototype classifier based on this criterion and discuss how it can be used to effectively thwart UDP-based flooding attacks.

 


BibTeX
@inproceedings {181311,
author = {Alexandru G. Bardas and Loai Zomlot and Sathya Chandran Sundaramurthy and Xinming Ou and S. Raj Rajagopalan and Marc R. Eisenbarth},
title = {{Classification} of {UDP} {Traffic} for {DDoS} Detection},
booktitle = {5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 12)},
year = {2012},
address = {San Jose, CA},
url = {https://www.usenix.org/conference/leet12/workshop-program/presentation/bardas},
publisher = {USENIX Association},
month = apr,
}