An aggregative approach for scalable detection of DoS attacks




Hamidi, Alireza
Ganti, Sudhakar
Wu, Kui

Journal Title

Journal ISSN

Volume Title




In Voice Over IP (VoIP) systems, intruders can launch DoS attacks by establishing a large number of open connections to prevent the system from serving legitimate users. Existing defenses against DoS attacks on VoIP systems maintain full state information and thus are not scalable to implement at core routers. To this end, we adopt a two-layer aggregation scheme, termed Advanced Partial Completion Filters (APCF), to defend against DoS attacks without tracking state information of each individual connection. APCF provides adjustable control parameters so that both false alarms and detection rate can be controlled.


©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.



Hamidi, A.; Ganti, S.; Kui Wu; , "An Aggregative Approach for Scalable Detection of DoS Attacks," Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE , vol., no., pp.1-5, Nov. 30 2008-Dec. 4 2008