Research Article

Intrusion Detection System to Detect Bandwidth Attacks

Published on May 2012 by Sanket Lokhande, Akshay Bhaskarwar, Sujata Bhaskarwar, Sadhana Chidrawar
National Conference on Advancement in Electronics & Telecommunication Engineering
Foundation of Computer Science USA
NCAETE - Number 3

Sanket Lokhande, Akshay Bhaskarwar, Sujata Bhaskarwar, Sadhana Chidrawar. Intrusion Detection System to Detect Bandwidth Attacks. National Conference on Advancement in Electronics & Telecommunication Engineering. NCAETE, 3 (May 2012), 18-22.

@article{
author = { Sanket Lokhande, Akshay Bhaskarwar, Sujata Bhaskarwar, Sadhana Chidrawar },
title = { Intrusion Detection System to Detect Bandwidth Attacks },
journal = { National Conference on Advancement in Electronics & Telecommunication Engineering },
issue_date = { May 2012 },
volume = { NCAETE },
number = { 3 },
month = { May },
year = { 2012 },
issn = 0975-8887,
pages = { 18-22 },
numpages = 5,
url = { /proceedings/ncaete/number3/6607-1097/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 National Conference on Advancement in Electronics & Telecommunication Engineering
%A Sanket Lokhande
%A Akshay Bhaskarwar
%A Sujata Bhaskarwar
%A Sadhana Chidrawar
%T Intrusion Detection System to Detect Bandwidth Attacks
%J National Conference on Advancement in Electronics & Telecommunication Engineering
%@ 0975-8887
%V NCAETE
%N 3
%P 18-22
%D 2012
%I International Journal of Computer Applications
Abstract

This paper focuses on theoretical and practical methods for detecting bandwidth attacks on networks and sites. A comparison of existing methods used in traditional networks is presented, along with a discussion of a new method for detecting attacks. The advantages and limitations of a few of these methods are considered. Attack detection helps to plan a security monitoring system on Linux-based networks that can detect attacks originating from internal and external sources. The main aim of a security monitoring system is to identify unusual events on the network that indicate malicious activity or procedural errors. Security monitoring provides two primary benefits for organizations of all sizes: the ability to identify attacks as they occur, and the ability to perform forensic analysis on the events that have occurred before, during, and after an attack.

Index Terms

Computer Science
Information Sciences

Keywords

Denial-of-service Attack, Bandwidth Attacks, Intrusion Detection