A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems

Jung Woo Seo, Sang Jin Lee

Research output: Contribution to journal › Article › peer-review

8 Citations (Scopus)


Large-scale network environments require effective detection and response methods against DDoS attacks. With the advancement of IT infrastructure such as servers and network equipment, DDoS attack traffic arising from a few malware-infected systems, capable of crippling the organization’s internal network, has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes the anomalies of those attributes in order to detect IP-spoofed DDoS attacks. A method is also proposed for the effective detection of malware-infected systems triggering IP-spoofed DDoS attacks on an edge network. The detection accuracy and performance of the proposed algorithm are analyzed using real-time traffic collected on a core network, and a prototype was developed to evaluate the performance of the algorithm. As a result, DDoS attacks on the internal network were detected in real time, and whether or not IP addresses were spoofed was confirmed. Detecting malware-infected hosts in real time allowed intrusion responses to be executed before large-scale attack traffic brought the internal network to a halt.

Original language: English
Article number: 1878
Issue number: 1
Publication status: Published - 2016 Dec 1

Bibliographical note

Publisher Copyright:
© 2016, The Author(s).

ASJC Scopus subject areas

  • General

