Concepedia

Publication | Closed Access

DiDDeM: a system for early detection of TCP SYN flood attacks

Citations: 34

References: 17

Year: 2005

Abstract

This paper presents the distributed denial-of-service detection mechanism (DiDDeM) system for early detection of denial-of-service attacks. The design requirements of the system are posited to demonstrate the requirements for an early detection system. An overview of the system is presented to show how these requirements are met. DiDDeM provides a two-tier detection approach. First, pre-filters (PFs) filter traffic for possible attacks. This is achieved through the application of both stateful and stateless signatures utilising routing congestion algorithms. Second, command and control (C²) servers provide intra- and inter-domain co-operation and response to contain an attack within the routing infrastructure. The results for stateful and stateless signature detection of TCP SYN flood attacks are presented.
