Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Hi-index | 0.00 |
We propose a method for detecting Distributed Denial of Service (DDoS) traffic in real-time inside the network. For this purpose, we borrow the concepts of Moving Average Convergence Divergence, Rate of Change, and Relative Strength Index, which are used for technical analysis in the stock market. Due to the fact that the method is based on a quantitative, rather than a heuristic, detection level, DDoS traffic can be detected with greater accuracy (by reducing the false alarm ratio). Through detection algorithm and simulation results, we show how the detection level is determined and demonstrate the degree to which the accuracy of detection is enhanced.