INVESTIGATION MODEL FOR DDOS ATTACK DETECTION IN REAL-TIME

Abdulghani Ali Ahmed

Abstract


Investigating distributed denial of service (DDoS) attack traffic requires extra overhead, which mostly results in network performance degradation. This study proposes an investigation model for detecting DDoS attacks in real time without degrading network performance. The model investigates network traffic in a scalable way to detect user violations of quality of service regulations. Traffic investigation is triggered only when the network is congested; at that moment, burst gateways generate a congestion notification to misbehaving users. The misbehaving users are then further investigated by measuring their bandwidth consumption ratios. When a user's traffic exceeds the service level agreement bandwidth ratio, it is filtered as DDoS traffic. Simulation results demonstrate that the proposed model efficiently monitors intrusive traffic and precisely detects DDoS attacks.

 

Keywords: QoS regulations; RED-enabled gateways; SLA violations; DDoS
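
A minimal sketch of the congestion-triggered check the abstract describes, added here as an illustration and not taken from the paper. The EWMA queue average, the threshold, the link capacity, the per-user SLA shares and the traffic samples are all assumptions constructed for the example, and every user sending during congestion is investigated rather than only those a RED gateway would notify.

```python
# Illustrative only: parameter values and sample data are constructed assumptions.
W_Q = 0.2               # EWMA weight for the average queue length (assumed)
MIN_TH = 5.0            # average-queue threshold in packets that signals congestion (assumed)
LINK_BPS = 10_000_000   # bottleneck link capacity in bits per second (assumed)

# SLA share of the bottleneck bandwidth per user (constructed)
SLA_RATIO = {"alice": 0.30, "bob": 0.30, "mallory": 0.20}

# Constructed samples: (second, instantaneous queue length, {user: bytes sent that second})
SAMPLES = [
    (0, 1,  {"alice": 200_000, "bob": 400_000, "mallory": 100_000}),
    (1, 2,  {"alice": 200_000, "bob": 200_000, "mallory": 150_000}),
    (2, 20, {"alice": 250_000, "bob": 250_000, "mallory": 700_000}),
    (3, 30, {"alice": 250_000, "bob": 250_000, "mallory": 750_000}),
    (4, 30, {"alice": 200_000, "bob": 200_000, "mallory": 800_000}),
]


def investigate(samples, sla_ratio, link_bps, w_q=W_Q, min_th=MIN_TH):
    """Return {user: worst bandwidth consumption ratio} for users that
    exceeded their SLA ratio while the gateway was congested."""
    avg_queue = 0.0
    violators = {}
    for _second, queue_len, sent in samples:
        # RED-style exponentially weighted moving average of the queue length
        avg_queue = (1 - w_q) * avg_queue + w_q * queue_len
        if avg_queue < min_th:
            # No congestion: skip per-user measurement, so idle periods cost nothing
            continue
        for user, nbytes in sent.items():
            ratio = nbytes * 8 / link_bps   # share of link capacity consumed
            # Users without an SLA entry are treated as having no allowance
            if ratio > sla_ratio.get(user, 0.0):
                violators[user] = max(violators.get(user, 0.0), ratio)
    return violators


if __name__ == "__main__":
    for user, ratio in investigate(SAMPLES, SLA_RATIO, LINK_BPS).items():
        print(f"{user}: consumed {ratio:.0%} of link, SLA allows {SLA_RATIO[user]:.0%}")
```

In the constructed data, bob briefly exceeds his share at second 0 but is never examined because the queue is not congested then, which is the overhead-saving behaviour the abstract claims.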


