DDoS Attack Detection Algorithm Using IP Address Features
- Cite this paper as:
- Cheng J., Yin J., Liu Y., Cai Z., Li M. (2009) DDoS Attack Detection Algorithm Using IP Address Features. In: Deng X., Hopcroft J.E., Xue J. (eds) Frontiers in Algorithmics. FAW 2009. Lecture Notes in Computer Science, vol 5598. Springer, Berlin, Heidelberg
Distributed denial of service (DDoS) attack is one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing Algorithms to detect DDoS attacks, this paper proposes a novel detecting algorithm for DDoS attacks based on IP address features value (IAFV). IAFV is designed to reflect the essential DDoS attacks characteristics, such as the abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. IAFV time series can be used to characterize the essential change features of network flows. Furthermore, a trained support vector machine (SVM) classifier is applied to identify the DDoS attacks. The experimental results on the MIT data set show that our algorithm can detect DDoS attacks accurately and reduce the false alarm rate drastically.
Keywordsnetwork security distributed denial of service attack IP address features value support vector machine
Unable to display preview. Download preview PDF.