DDoS attack detection method using cluster analysis

Authors:
Keunsoo Lee;Juhyun Kim;Ki Hoon Kwon;Younggoo Han;Sehun Kim
Affiliations:
Department of Industrial Engineering, Korea Advanced Institute of Science and Technology, 373-1, Guseong-dong, Yuseong-gu, Daejeon 305-701, Republic of Korea;Department of Industrial Engineering, Korea Advanced Institute of Science and Technology, 373-1, Guseong-dong, Yuseong-gu, Daejeon 305-701, Republic of Korea;Department of Industrial Engineering, Korea Advanced Institute of Science and Technology, 373-1, Guseong-dong, Yuseong-gu, Daejeon 305-701, Republic of Korea;Department of Industrial Engineering, Korea Advanced Institute of Science and Technology, 373-1, Guseong-dong, Yuseong-gu, Daejeon 305-701, Republic of Korea;Department of Industrial Engineering, Korea Advanced Institute of Science and Technology, 373-1, Guseong-dong, Yuseong-gu, Daejeon 305-701, Republic of Korea
Venue:
Expert Systems with Applications: An International Journal
Year:
2008

Citing 6
Cited 21

SAS/ETS User's Guide, Version 6

SAS/ETS User's Guide, Version 6
Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
Sustaining Availability of Web Services under Distributed Denial of Service Attacks

IEEE Transactions on Computers
Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features

Computer Networks and ISDN Systems
A Mathematical Theory of Communication

A Mathematical Theory of Communication
Neural Networks: A Comprehensive Foundation (3rd Edition)

Neural Networks: A Comprehensive Foundation (3rd Edition)

DDoS attacks detection model and its application

WSEAS Transactions on Computers
Planning of educational training courses by data mining: Using China Motor Corporation as an example

Expert Systems with Applications: An International Journal
A method of run-time detecting DDos attacks

ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
Hybrid Intrusion Forecasting Framework for Early Warning System

IEICE - Transactions on Information and Systems
A decision support system for constructing an alert classification model

Expert Systems with Applications: An International Journal
Detecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
DDoS Attack Detection Algorithm Using IP Address Features

FAW '09 Proceedings of the 3d International Workshop on Frontiers in Algorithmics
Network forensics based on fuzzy logic and expert system

Computer Communications
Abnormal diagnosis of Emergency Department triage explored with data mining technology: An Emergency Department at a Medical Center in Taiwan taken as an example

Expert Systems with Applications: An International Journal
DDoS attack detection using K-Nearest Neighbor classifier method

Telehealth/AT '08 Proceedings of the IASTED International Conference on Telehealth/Assistive Technologies
DDoS attack detection method based on linear prediction model

ICIC'09 Proceedings of the 5th international conference on Emerging intelligent computing technology and applications
Random effects logistic regression model for anomaly detection

Expert Systems with Applications: An International Journal
Preprocessing DNS log data for effective data mining

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A distributed sinkhole detection method using cluster analysis

Expert Systems with Applications: An International Journal
An entropy based approach for DDoS attack detection in IEEE 802.16 based networks

IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Multivariate correlation analysis technique based on Euclidean distance map for network traffic characterization

ICICS'11 Proceedings of the 13th international conference on Information and communications security
Self-adaptive and dynamic clustering for online anomaly detection

Expert Systems with Applications: An International Journal
A hybrid defense mechanism for DDoS attacks using cluster analysis in MANET

Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Advanced probabilistic approach for network intrusion forecasting and detection

Expert Systems with Applications: An International Journal
Intelligent network security assessment with modeling and analysis of attack patterns

Security and Communication Networks
Survey A model-based survey of alert correlation techniques

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	12.06

Visualization

Abstract

Distributed Denial of Service (DDoS) attacks generate enormous packets by a large number of agents and can easily exhaust the computing and communication resources of a victim within a short period of time. In this paper, we propose a method for proactive detection of DDoS attack by exploiting its architecture which consists of the selection of handlers and agents, the communication and compromise, and attack. We look into the procedures of DDoS attack and then select variables based on these features. After that, we perform cluster analysis for proactive detection of the attack. We experiment with 2000 DARPA Intrusion Detection Scenario Specific Data Set in order to evaluate our method. The results show that each phase of the attack scenario is partitioned well and we can detect precursors of DDoS attack as well as the attack itself.