Methodologies for detecting DoS/DDoS attacks against network servers

2012 
As denial of service (DoS) attacks are becoming more common on the Internet, there is a greater need for solutions to overcome these attacks. Defending against DoS/DDoS attacks can generally be divided into 3 phases: prevention, detection and response. Detection is one of the key steps in defending against DoS/DDoS attacks. However, with the high variation in DoS/DDoS attack types, the detection of such attacks becomes problematic. A good detection technique should have a short detection time and a low false positive rate. This paper presents an introduction to intrusion detection systems (IDS) and a survey of different DoS/DDoS detection techniques. The key observation of this survey paper is that a CUSUM-based detection technique has many advantages over other statistical instruments in that it is nonparametric; consequently, it does not require training and is more robust to variations in the attack profile.

Keywords: DoS; DDoS; detection; network security.
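The nonparametric CUSUM idea singled out in the abstract can be illustrated with a short added example, which is not code from the paper. It assumes per-interval SYN and FIN counts as the monitored statistic; the offset `a`, the threshold, the EWMA factor and the trace are constructed for illustration.

```python
from typing import List, Optional, Sequence, Tuple

def cusum_detect(trace: Sequence[Tuple[int, int]], a: float = 0.35,
                 threshold: float = 1.0, alpha: float = 0.9
                 ) -> Tuple[List[float], Optional[int]]:
    """Nonparametric CUSUM over (syn_count, fin_count) per interval.

    x_n = (SYN - FIN) / EWMA(FIN) is near 0 for normal traffic, so
    x_n - a has negative mean and the sum y_n stays pinned at 0.
    A sustained SYN surplus makes the drift positive and y_n climbs
    until it crosses the threshold. No attack model or training set
    is needed; only the offset a and the threshold are chosen.
    """
    scores: List[float] = []
    y = 0.0
    avg_fin: Optional[float] = None
    first_alarm: Optional[int] = None
    for i, (syn, fin) in enumerate(trace):
        # The running FIN average makes the statistic independent
        # of the site's absolute traffic volume.
        avg_fin = float(fin) if avg_fin is None else alpha * avg_fin + (1 - alpha) * fin
        x = (syn - fin) / max(avg_fin, 1.0)
        y = max(0.0, y + x - a)  # cumulative sum, reset at zero
        scores.append(y)
        if first_alarm is None and y > threshold:
            first_alarm = i
    return scores, first_alarm

# Constructed trace: six normal intervals (one with a benign burst),
# then a sustained SYN surplus starting at index ATTACK_START.
NORMAL = [(102, 100), (98, 97), (105, 103), (130, 100), (99, 101), (101, 99)]
ATTACK = [(200, 100), (260, 98), (300, 101), (310, 99)]
TRACE = NORMAL + ATTACK
ATTACK_START = len(NORMAL)

if __name__ == "__main__":
    scores, alarm = cusum_detect(TRACE)
    for i, s in enumerate(scores):
        flag = "ALARM" if alarm is not None and i >= alarm else ""
        print(f"interval {i:2d}  y={s:5.2f}  {flag}")
    print("attack onset:", ATTACK_START, "first alarm:", alarm)
```

The offset `a` trades detection time against false positives: the single benign burst of 130 SYNs stays below it and never accumulates, while the sustained surplus is flagged one interval after onset.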