To search, Click below search items.


All Published Papers Search Service


Detection of DDoS and IDS Evasion Attacks in a High-Speed Networks Environment


Jin-Tae Oh, Sang-Kil Park, Jong-Soo Jang, Yong-Hee Jeon


Vol. 7  No. 6  pp. 124-131


BcN(Broadband convergence Networks) is being deployed in order to support a variety of network applications such as E-Commerce, DMB(Digital Multimedia Broadcasting), Home Network, VoIP(Voice over IP), and other services. As network bandwidth is growing rapidly and services are converged, the opportunity and severity of network intrusions are growing as well. This paper presents a novel Intrusion Detection System (IDS) architecture named ‘Security Gateway System (SGS)’ designed to perform intrusion detection and prevention on high-speed network links. Among several other features in the system, we focus on the detection of DDoS(Distributed Denial of Service) and IDS evasion attacks. We implemented both the mechanisms for handling the bandwidth consuming attack and the detection engine against IDS evasion attack in FPGA(Field Programmable Gate Array). We present some experimental results in a gigabit test bed. The results show that the real-time detection against both attacks is possible with 2 gigabits throughput in each security board.


IDS(Intrusion Detection System), DoS(Denial of Service) attack, Bandwidth Control, IDS evasion attack