Intrusion Detection with CUSUM for TCP-Based DDoS [chapter]

Fang-Yie Leu, Wei-Jie Yang
2005 Lecture Notes in Computer Science  
DDoS (Distributed Denial of Service) is the most troublesome attack nowadays, especially for those people whose operational environment relies on network services and/or the Internet. However, attackers often penetrate innocent routers and hosts to make them unwittingly participate in such a large-scale attack as zombies or reflectors. In this paper, we propose an Intrusion Detection System (IDS), named CUSUM Intrusion Detection System (CIDS), which invokes CUSUM as its detection algorithm and logically divides the Internet into many autonomous network management units (NMUs), each of which deploys a CIDS to discover attacks and identify what role a client plays in such an attack.
doi:10.1007/11596042_127 fatcat:t7b4byu73rduzenyny6ky6xjsa