Augmented attack tree modeling of distributed denial of services and tree based attack detection method

Jie Wang, Raphael C.W. Phan, John N. Whitley, David J. Parish

Research output: Chapter in Book/Report/Conference proceeding; Conference Paper; Research; peer-review

10 Citations (Scopus)


Distributed Denial of Service (DDoS) is a serious computer network attack which can cause extreme performance degradation on the victim server. This paper presents a formal and methodical way of modeling DDoS attacks using the Augmented Attack Tree (AAT), and presents an AAT-based attack detection algorithm. The model explicitly captures the subtle incidents triggered by DDoS and the corresponding state transitions, from the viewpoint of network traffic transmission on the primary victim server. The paper makes two major contributions: (1) an AAT-based DDoS model (ADDoSAT) is developed to assess the potential threat from malicious packet transmission on the primary victim server and to facilitate the detection of such attacks; (2) an AAT-based bottom-up detection algorithm is proposed to detect all kinds of attacks based on AAT modeling.

Original language: English
Title of host publication: Proceedings - 10th IEEE International Conference on Computer and Information Technology, CIT-2010, 7th IEEE International Conference on Embedded Software and Systems, ICESS-2010, ScalCom-2010
Number of pages: 6
Publication status: Published - 2010
Externally published: Yes
Event: IEEE International Conference on Computer and Information Technology 2010 - Bradford, United Kingdom
Duration: 29 Jun 2010 to 1 Jul 2010
Conference number: 10th (Proceedings)


Conference: IEEE International Conference on Computer and Information Technology 2010
Abbreviated title: CIT 2010
Country/Territory: United Kingdom


  • Augmented attack tree
  • Bottom-up
  • DDOS
  • Detection algorithm
  • Modeling
