DDoS Attacks Detection by Means of Greedy Algorithms

  • Tomasz Andrysiak
  • Łukasz Saganowski
  • Michał Choraś
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 184)


In this paper we focus on DDoS attack detection by means of greedy algorithms. In particular, we propose to use the Matching Pursuit and Orthogonal Matching Pursuit algorithms. The major contribution of the paper is the proposal of a 1D KSVD algorithm and its tree-based structure representation (clusters), which can be successfully applied to DDoS attack and network anomaly detection.


Keywords: Greedy Algorithm, Intrusion Detection, Anomaly Detection, Intrusion Detection System, Orthogonal Match Pursuit
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tomasz Andrysiak (1)
  • Łukasz Saganowski (1)
  • Michał Choraś (1)
  1. Institute of Telecommunications, University of Technology & Life Sciences in Bydgoszcz, Bydgoszcz, Poland
