Detection of DDoS attacks using optimized traffic matrix

Authors:
Sang Min Lee;Dong Seong Kim;Je Hak Lee;Jong Sou Park
Affiliations:
Department of Computer Eng., Korea Aerospace University, Seoul, Republic of Korea;Department of Electrical and Computer Eng., Duke University, Durham, NC, USA and Department of Computer Science and Software Eng., University of Canterbury, New Zealand;Department of Computer Eng., Korea Aerospace University, Seoul, Republic of Korea;Department of Computer Eng., Korea Aerospace University, Seoul, Republic of Korea
Venue:
Computers & Mathematics with Applications
Year:
2012

Citing 8
Cited 0

Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
DDoS attacks and defense mechanisms: classification and state-of-the-art

Computer Networks: The International Journal of Computer and Telecommunications Networking
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Baseline Profile Stability for Network Anomaly Detection

ITNG '06 Proceedings of the Third International Conference on Information Technology: New Generations
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Detecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
DDoS Attacks Detection Using GA Based Optimized Traffic Matrix

IMIS '11 Proceedings of the 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

Quantified Score

Hi-index	0.09

Visualization

Abstract

Distributed Denial of Service (DDoS) attacks have been increasing with the growth of computer and network infrastructures in Ubiquitous computing. DDoS attacks generating mass traffic deplete network bandwidth and/or system resources. It is therefore significant to detect DDoS attacks in their early stage. Our previous approach used a traffic matrix to detect DDoS attacks quickly and accurately. However, it could not find out to tune up parameters of the traffic matrix including (i) size of traffic matrix, (ii) time based window size, and (iii) a threshold value of variance from packets information with respect to various monitored environments and DDoS attacks. Moreover, the time based window size led to computational overheads when DDoS attacks did not occur. To cope with it, we propose an enhanced DDoS attacks detection approach by optimizing the parameters of the traffic matrix using a Genetic Algorithm (GA) to maximize the detection rates. Furthermore, we improve the traffic matrix building operation by (i) reforming the hash function to decrease hash collisions and (ii) replacing the time based window size with a packet based window size to reduce the computational overheads. We perform experiments with DARPA 2000 LLDOS 1.0, LBL-PKT-4 of Lawrence Berkeley Laboratory and generated attack datasets. The experimental results show the feasibility of our approach in terms of detection accuracy and speed.