
TREC office meeting room. Direction staircase, 2nd floor, door on the left. ENS - 45 rue d'Ulm - 75005 Paris
A Denial of Service (DoS) attack aims to make a computer or network incapable of providing normal services. In general, attacks are detected as notable deviations from standard behavior. We are particularly interested in SYN flooding and volume flooding, which are the most common DoS attacks. Using an adapted definition of a flow, these attacks can be considered as very large flows. To identify suspicious large flows online, in very high bit rate traffic and using limited memory, we propose an algorithm based on a counting filter. We introduce a refreshing mechanism to avoid saturation of the filter under heavy Internet traffic, and to adapt the algorithm to traffic variations. The algorithm is tested against traffic from the FT IP backbone network.
François Baccelli and Marc Lelarge
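The counting-filter idea in the abstract above, as an added example that is not the algorithm presented in the talk: a fixed-size array of counters flags destinations receiving an unusually large number of SYN packets, and is refreshed when it fills up. The flow key (destination of SYN packets), the conservative update, the refresh rule (subtract one from every counter once half of them are non-zero), all parameters and the trace are assumptions made for illustration.

```python
import hashlib
import random

class RefreshingCountingFilter:
    def __init__(self, m=4096, k=3, threshold=20, max_load=0.5):
        self.m, self.k, self.threshold = m, k, threshold
        self.limit = int(max_load * m)   # refresh once more counters than this are non-zero
        self.counters = [0] * m
        self.nonzero = 0
        self.refreshes = 0

    def _slots(self, key):
        # One salted BLAKE2b digest per hash function, reduced to a counter index.
        return {int.from_bytes(hashlib.blake2b(key.encode(), digest_size=8,
                salt=bytes([i])).digest(), "big") % self.m for i in range(self.k)}

    def add(self, key):
        """Count one packet of flow `key`; True when its estimate reaches the threshold."""
        slots = self._slots(key)
        low = min(self.counters[s] for s in slots)
        for s in slots:
            if self.counters[s] == low:   # conservative update: raise only the minima
                self.counters[s] += 1
                self.nonzero += (low == 0)
        large = low + 1 >= self.threshold  # the flow's estimate is now low + 1
        if self.nonzero > self.limit:
            self._refresh()
        return large

    def _refresh(self):
        # Assumed refresh rule: age every counter by one so small flows drain away.
        self.counters = [max(c - 1, 0) for c in self.counters]
        self.nonzero = sum(1 for c in self.counters if c)
        self.refreshes += 1

def detect_syn_floods(packets, **params):
    """packets: (src, dst, tcp_flags). Assumed flow key: destination of bare SYNs."""
    filt = RefreshingCountingFilter(**params)
    suspects = {dst for _, dst, flags in packets if flags == "S" and filt.add(dst)}
    return suspects, filt.refreshes

def make_trace(seed=1):
    """Constructed trace: 3000 scattered background SYNs plus 400 SYNs to one host."""
    rng = random.Random(seed)
    ip = lambda: "10.%d.%d.%d" % tuple(rng.randrange(256) for _ in range(3))
    trace = [(ip(), ip(), "S") for _ in range(3000)]
    trace += [(ip(), "203.0.113.10", "S") for _ in range(400)]
    rng.shuffle(trace)
    return trace

if __name__ == "__main__":
    print(detect_syn_floods(make_trace()))
```

Memory stays at `m` counters however many distinct destinations appear; the refresh keeps one-packet flows from saturating the array while a sustained flood keeps climbing past the threshold.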