This paper presents a solution to find Hot-IPs by using non-adaptive group testing approach. The proposed solution has been implemented in combination with the distributed architecture and parallel processing techniques to quickly detect HotIPs in ISP networks. Experimental results can be applied to detect Hot-IPs in ISP networks. | Science & Technology Development, Vol 18, Fast detecting Hot-IPs in high speed networks Huynh Nguyen Chinh University of Technical Education Ho Chi Minh City (Received on December 05 th 2014, accepted on Septemver 23rd 2015) ABSTRACT Hot-IPs, hosts appear with high testing approach. The proposed solution has frequency in networks, cause many threats been implemented in combination with the for systems such as denial of service attacks distributed architecture and parallel or Internet worms. One of their main processing techniques to quickly detect Hotcharacteristics is quickly sending a large IPs in ISP networks. Experimental results number of packets to victims in a short time can be applied to detect Hot-IPs in ISP in network. This paper presents a solution to networks. find Hot-IPs by using non-adaptive group Key words: Hot-IP, denial-of-service attack, Internet worm, distributed architecture, Nonadaptive Group Testing INTRODUCTION Denial of Service attacks and Internet worms In denial of service (DoS) or distributed denial of service (DDoS) attacks, attackers send a very large number of packets to victims in a very short time. They aim to make an unavailable service to legitimate clients. Internet worms propagate to detect vulnerable hosts very fast in networks [1-2]. The problem is how to fast detect attackers, victims in denial of services attacks and sources of the worms propagating in high speed networks. Based on these results, administrators can quickly have solutions to prevent them or redirect attacks. There are many methods to detect these risks on network, which are mostly based on Intrusion detection systems/Intrusion prevention systems (IDS/IPS) devices that are allocated before servers to monitor, alert and drop harmful packets. Techniques are used in these solutions that are based on signatures or thresholds. These solutions have some disadvantages in which new Trang 242 attack occurrence and establishing thresholds can decrease