Ensemble-based DDoS detection and mitigation model
Proceedings of the Fifth International Conference on Security of Information and Networks
| Hi-index | 0.00 |
Distributed Denial-of-Service flooding attacks against public web servers are increasingly common. It is impossible for the victim servers to work on the individual level of on-going traffic flows. The scheme establishes IP Flow which is used to select proper features for DDoS detection. Five features are analyzed by the experiments. The IP flow statistics is mainly used to allocate the weights for traffic routing by routers. A new algorithm is thus proposed to get efficiently maximum throughput by the traffic filtering, and its feasibility and validity have been verified in real network circumstances. The algorithm shows its advantages that it is with high average detection and with low false alarm and miss alarm. Moreover, it can optimize the network traffic simultaneously with defending against DDoS attack, thus eliminating efficiently the global burst of traffic arising from normal traffic so as to improve greatly the efficiency of servers.