DDoS Attack Detection Algorithm Using IP Address Features

  • Jieren Cheng
  • Jianping Yin
  • Yun Liu
  • Zhiping Cai
  • Min Li
Conference paper

DOI: 10.1007/978-3-642-02270-8_22

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5598)
Cite this paper as:
Cheng J., Yin J., Liu Y., Cai Z., Li M. (2009) DDoS Attack Detection Algorithm Using IP Address Features. In: Deng X., Hopcroft J.E., Xue J. (eds) Frontiers in Algorithmics. FAW 2009. Lecture Notes in Computer Science, vol 5598. Springer, Berlin, Heidelberg

Abstract

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing algorithms for detecting them, this paper proposes a novel detection algorithm for DDoS attacks based on the IP address features value (IAFV). IAFV is designed to reflect the essential characteristics of DDoS attacks, such as abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. IAFV time series can be used to characterize the essential change features of network flows. Furthermore, a trained support vector machine (SVM) classifier is applied to identify the DDoS attacks. The experimental results on the MIT data set show that our algorithm can detect DDoS attacks accurately and reduce the false alarm rate drastically.

Keywords

network security; distributed denial of service attack; IP address features value; support vector machine


Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jieren Cheng (1, 2)
  • Jianping Yin (1)
  • Yun Liu (1)
  • Zhiping Cai (1)
  • Min Li (1)

  1. School of Computer, National University of Defense Technology, Changsha, China
  2. Department of Mathematics, Xiangnan University, Chenzhou, China
