An Improved NPCUSUM Method with Adaptive Sliding Window to Detect DDoS Attacks

  • Degang Sun
  • Kun Yang
  • Weiqing Huang
  • Yan WangEmail author
  • Bo Hu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9543)


DDoS attacks are very difficult to detect, researches have been in the pursuit of highly efficient and flexible DDoS attacks detection methods. For this purpose, we put forward an improved Non-parametric CUSUM method (NPCUSUM), which combined with adaptive sliding windows (ASW), to detect DDoS attacks. In order to evaluate our method, we do experiments on 2000 DARPA Intrusion Detection Scenario Specific Data Set (DARPA 2000 Dataset). The results show that the proposed method improves the detection efficiency and has good flexibility.


NPCUSUM Sliding window Conditional entropy DDoS attacks detection Darpa 2000 dataset 


  1. 1.
  2. 2.
    Kaspersky Report, Statistics on botnet-assisted DDoS attacks in Q1 2015Google Scholar
  3. 3.
  4. 4.
    Bhuyan, M.H., et al.: Detecting distributed denial of service attacks: methods, tools and future directions. Comput. J. 57(4), 537–556 (2014)CrossRefGoogle Scholar
  5. 5.
    Prasad, K.M., Reddy, A.R.M., Rao, K.V.: DoS and DDoS attacks: defense, detection and traceback mechanisms-a survey. Global. J. Comput. Sci. Technol. 14(7) (2014)Google Scholar
  6. 6.
    Murtaza, S.S., Khreich, W., Hamou-Lhadj, A., et al.: A host-based anomaly detectionapproach by representing system calls as states of kernel modules. In: 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE), pp. 431–440. IEEE (2013)Google Scholar
  7. 7.
    Forrest, S., Hofmeyr, S., Somayaji, A., et al.: A sense of self for unix processes. In: 1996 IEEE Symposium on Security and Privacy, pp. 120–128. IEEE (1996)Google Scholar
  8. 8.
    Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical approaches to DDoS attack detection and response. In: Proceedings of DARPA Information Survivability Conference and Exposition, vol. 1, pp. 303–314. IEEE, April 2003Google Scholar
  9. 9.
    No, G., Ra, I.: Adaptive DDoS detector design using fast entropy computation method. In: 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp. 86–93. IEEE (2011)Google Scholar
  10. 10.
    Zhao, X.H., Xia, J.B., Guo, W.W., Du, H.H.: Detection DDoS attacks based on multi-dimensional entropy. J. Air Force Eng. Univ. (Natural Science Edition) 3, 015 (2013)Google Scholar
  11. 11.
  12. 12.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory, 1st edn. Wiley, New York (1991). ISBN 0-471-06259-6CrossRefzbMATHGoogle Scholar
  13. 13.
    Bereziski, P., et al.: An entropy-based network anomaly detection method. Entropy 17(4), 2367–2408 (2015)CrossRefGoogle Scholar
  14. 14.
    Thapngam, T., Yu, S., Zhou, W., Makki, S.K.: Distributed Denial of Service (DDoS) detection by traffic pattern analysis. Peer-to-Peer Networking Appl. 7(4), 346–358 (2014)CrossRefGoogle Scholar
  15. 15.
    Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recogn. Lett. 51, 1–7 (2015)CrossRefGoogle Scholar
  16. 16.
    Page, E.S.: Continuous Inspection Scheme. Biometrika 41 (1/2): 100C115(1954). doi: 10.1093/biomet/41.1-2.100.JSTOR2333009
  17. 17.
    Bassevilleand, M., Nikiforov, I.V.: Detection of Abrupt Changes: Theory and Application. Prentice-Hall Inc., Upper Saddle River (1993)Google Scholar
  18. 18.
  19. 19.
    Hofstede, R., Celeda, P.: Flow monitoring explained: from packet capture to data analysis with NetFlow and IPFIX. IEEE Commun. Surv. Tutorials (IEEE Communications Society) 16(4), 28 (2014). doi: 10.1109/COMST.2014.2321898 Google Scholar
  20. 20.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Degang Sun
    • 1
  • Kun Yang
    • 1
  • Weiqing Huang
    • 1
  • Yan Wang
    • 1
    Email author
  • Bo Hu
    • 1
  1. 1.Institute of Information EngineeringChinese Academy of Sciences (CAS)BeijingChina

Personalised recommendations