DDoS Attack Detection Algorithm Using IP Address Features

  • Jieren Cheng
  • Jianping Yin
  • Yun Liu
  • Zhiping Cai
  • Min Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5598)


Distributed denial of service (DDoS) attack is one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing Algorithms to detect DDoS attacks, this paper proposes a novel detecting algorithm for DDoS attacks based on IP address features value (IAFV). IAFV is designed to reflect the essential DDoS attacks characteristics, such as the abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. IAFV time series can be used to characterize the essential change features of network flows. Furthermore, a trained support vector machine (SVM) classifier is applied to identify the DDoS attacks. The experimental results on the MIT data set show that our algorithm can detect DDoS attacks accurately and reduce the false alarm rate drastically.


network security distributed denial of service attack IP address features value support vector machine 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Handley, M.: DoS-resistant Internet subgroup report. Internet Architecture WG. Tech. Rep. (2005), http://www.communications.net/object/download/1543/doc/mjh-dos-summary.pdf
  2. 2.
    Cheng, C.M., Kung, H.T., Tan, K.S.: Use of spectral analysis in defense against DoS attacks. In: Proceedings of IEEE GLOBECOM 2002, pp. 2143–2148 (2002)Google Scholar
  3. 3.
    Manikopoulos, C., Papavassiliou, S.: Network intrusion and fault detection: A statistical anomaly approach. IEEE Commun. Mag., 76–82 (2002)Google Scholar
  4. 4.
    Lakhina, A., Crovella, M., Diot, C.: Diagnosing Network-Wide Traffic Anomalies. In: Proceedings of ACM SIGCOMM, Portland, Oregon, USA (August 2004)Google Scholar
  5. 5.
    Kulkarni, A., Bush, S., Evans, S.: Detecting distributed denial-of-service attacks using Kolmogorov complexity metrics. GE Research & Development Center. Tech. Rep: Schectades, New York (2001)Google Scholar
  6. 6.
    Dongqing, Z., Haifeng, Z., Shaowu, Z., et al.: A DDoS Attack Detection Method Based on Hidden Markov Model. Journal of Computer Research and Development 42(9), 1594–1599 (2005)CrossRefGoogle Scholar
  7. 7.
    Sanguk, N., Gihyun, J., Kyunghee, C., et al.: Compiling network traffic into rules using soft computing methods for the detection of flooding attacks. Applied Soft Computing, 1200–1210 (2008)Google Scholar
  8. 8.
    Gil, T.M., Poletto, M.: MULTOPS: A data-structure for bandwidth attack detection. In: Proceedings of the 10th USENIX Security Symposium (2001)Google Scholar
  9. 9.
    Wang, H., Zhang, D., Shin, K.G., Detecting, S.Y.N.: flooding attacks. In: Proceedings of IEEE INFOCOM, pp. 1530–1539 (2002)Google Scholar
  10. 10.
    Keunsoo, L., Juhyun, K., Ki, H.K., et al.: DDoS attack detection method using cluster analysis. Expert Systems with Applications, 1659–1665 (2008)Google Scholar
  11. 11.
    Abdelsayed, S., Glimsholt, D., Leckie, C., et al.: An efficient filter for denial-of service bandwidth attacks. In: Proceedings of the 46th IEEE GLOBECOM, pp. 1353–1357 (2003)Google Scholar
  12. 12.
    Lakhina, A., Crovella, M., Diot, C.: Mining Anomalies Using Traffic Feature Distributions. In: Proceedings of ACM SIGCOMM, Philadelphia, Pennsylvania, USA (2005)Google Scholar
  13. 13.
    Peng, T., Leckie, C., Kotagiri, R.: Proactively detecting distributed denial of service attacks using source ip address monitoring. In: Proceedings of the Third International IFIP-TC6 Networking Conference, pp. 771–782 (2004)Google Scholar
  14. 14.
    Kejie, L., Dapeng, W., Jieyan, F., et al.: Robust and efficient detection of DDoS attacks for large-scale internet. Computer Networks, 5036–5056 (2007)Google Scholar
  15. 15.
    Burger, C.: A tutorial on support vector machines for pattern recognition. Data Mining and Knowledge Discovery 2(2), 121–167 (1998)CrossRefGoogle Scholar
  16. 16.
    Platt, J.: Sequential minimal optimization: A fast algorithm for training support vector machines. Microsoft Research, Tech Rep: MSR-TR-98-14 (1998)Google Scholar
  17. 17.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jieren Cheng
    • 1
    • 2
  • Jianping Yin
    • 1
  • Yun Liu
    • 1
  • Zhiping Cai
    • 1
  • Min Li
    • 1
  1. 1.School of ComputerNational University of Defense TechnologyChangshaChina
  2. 2.Department of mathematicsXiangnan UniversityChenzhouChina

Personalised recommendations