Multi-Agent pattern recognition mechanism for detecting distributed denial of service attacks

Distributed denial of service (DDoS) attacks pose a significant threat to the smooth operations of today's online critical services and applications. Existing mechanisms to detect these attacks have had limited success. With the rapid growth in size and bandwidth of contemporary computer networks, an efficient and effective distributed solution is needed for detecting DDoS attacks. In this study, the authors propose a multiagent pattern recognition mechanism for detecting DDoS attacks, in adistributed fashion. Our proposed solution is very effective in detecting such attacks launched against victim servers residing inside a production network which has multiple gateways to the Internet. Using simulation, the authors show that our proposed mechanism achieves a high degree of accuracy in detecting DDoS attacks, with low false alarm rates, using a reasonable numbers of attack detection agents collaboratively operating in a typical production network. The authors also study the relationship of the number of agents participating in the attack detection process and the false alarm rate of the detection scheme.