DDoS attack detection method based on linear prediction model

Authors:
Jieren Cheng;Jianping Yin;Chengkun Wu;Boyun Zhang;Yun Liu
Affiliations:
School of Computer, National University of Defense Technology, Changsha, China and Department of Mathematics, Xiangnan University, Chenzhou, China;School of Computer, National University of Defense Technology, Changsha, China;School of Computer, National University of Defense Technology, Changsha, China;Department of Computer, Hunan Public Security College, Changsha, China;School of Computer, National University of Defense Technology, Changsha, China
Venue:
ICIC'09 Proceedings of the 5th international conference on Emerging intelligent computing technology and applications
Year:
2009

Citing 9
Cited 1

System identification: theory for the user

System identification: theory for the user
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Low-rate TCP-targeted denial of service attacks and counter strategies

IEEE/ACM Transactions on Networking (TON)
Evaluation of a low-rate DoS attack against iterative servers

Computer Networks: The International Journal of Computer and Telecommunications Networking
DDoS attack detection method using cluster analysis

Expert Systems with Applications: An International Journal
Compiling network traffic into rules using soft computing methods for the detection of flooding attacks

Applied Soft Computing
On remote exploitation of TCP sender for low-rate flooding denial-of-service attack

IEEE Communications Letters
Network intrusion and fault detection: a statistical anomaly approach

IEEE Communications Magazine

A DDoS attack detection mechanism based on protocol specific traffic features

Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed denial of service (DDoS) attack is one of the major threats to the current Internet. The IP Flow feature value (FFV) algorithm is proposed based on the essential features of DDoS attacks, such as the abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. Using linear prediction technique, a simple and efficient ARMA prediction model is established for normal network flow. Then a DDoS attack detection scheme based on anomaly detection techniques and linear prediction model (DDAP) is designed. Furthermore, an alert evaluation mechanism is developed to reduce the false positives due to prediction error and flow noise. The experiment results demonstrate that DDAP is an efficient DDoS attacks detection scheme with more accuracy and lower false alarm rate.