A Real Time Detection of Distributed Denial-of-Service Attacks Using Cumulative Sum Algorithm and Adaptive Neuro-Fuzzy Inference System

  • R. Anitha
  • R. Karthik
  • V. Pravin
  • K. Thirugnanam
Part of the Advances in Intelligent Systems and Computing book series (volume 167)


Distributed denial-of-service (DDoS) is a very powerful attack on Internet resources as well as system resources. Hence, it is imperative to detect these attacks in real time; otherwise their impact cannot be resisted. In this work we propose a new method that applies the cumulative sum (CUSUM) algorithm to track variations of the attack characteristic variable X(n) in the observed traffic (specific to different kinds of attacks) and raises an alarm based on a threshold. A threshold-based mechanism, however, often produces many false alarms. An Adaptive Neuro-Fuzzy Inference System (ANFIS), which is capable of removing the abrupt separation between normality and abnormality and of appropriately selecting the membership function parameters, is therefore used to detect attacks based on the CUSUM values. The detection mechanism is well corroborated by experimental results.
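The CUSUM-and-threshold step described in the abstract, as an added example that is not the authors' code. It assumes the common non-parametric form y_n = max(0, y_{n-1} + X(n) - a); the X(n) samples, the offset and the thresholds are constructed, and `attack_degree` is a fixed ramp membership standing in for a trained ANFIS output.

```python
# Added example: the X(n) values, offset and thresholds below are constructed.

def cusum(xs, offset):
    """Non-parametric CUSUM: y_n = max(0, y_{n-1} + x_n - offset)."""
    y, ys = 0.0, []
    for x in xs:
        y = max(0.0, y + x - offset)  # resets to 0 while traffic looks normal
        ys.append(y)
    return ys

def first_over(values, threshold):
    """Index of the first value above threshold, or None if there is none."""
    return next((n for n, v in enumerate(values) if v > threshold), None)

def attack_degree(y, low, high):
    """Fixed ramp membership in 'attack' (stand-in for a trained ANFIS output)."""
    if y <= low:
        return 0.0
    if y >= high:
        return 1.0
    return (y - low) / (high - low)

# Constructed X(n): eight normal intervals (one benign burst at n=3),
# then a sustained shift starting at n=8.
X = [0.10, 0.25, 0.05, 0.60, 0.15, 0.20, 0.10, 0.30,
     0.90, 1.10, 1.00, 1.20, 0.95, 1.05]
ATTACK_START = 8
OFFSET = 0.35     # assumed upper bound on the normal mean of X(n)
THRESHOLD = 1.0   # assumed alarm threshold on the CUSUM value

Y = cusum(X, OFFSET)

if __name__ == "__main__":
    # Thresholding X(n) directly fires on the benign burst; CUSUM does not.
    print("raw threshold 0.5 fires at n =", first_over(X, 0.5))
    print("CUSUM alarm at n =", first_over(Y, THRESHOLD))
    for n, (x, y) in enumerate(zip(X, Y)):
        deg = attack_degree(y, 0.5, 1.5)
        print(f"n={n:2d} X={x:.2f} y={y:.2f} degree={deg:.2f}")
```

The benign burst at n=3 raises the CUSUM value only briefly before it decays back to zero, while the sustained shift accumulates and crosses the threshold one interval after it begins.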


Keywords: CUSUM, ANFIS, Distributed denial-of-service





Copyright information

© Springer-Verlag GmbH Berlin Heidelberg 2012

Authors and Affiliations

  • R. Anitha (1)
  • R. Karthik (1)
  • V. Pravin (1)
  • K. Thirugnanam (1)
  1. Department of Mathematics and Computer Applications, PSG College of Technology, Coimbatore, India
