Advertisement

Combining Cross-Correlation and Fuzzy Classification to Detect Distributed Denial-of-Service Attacks

  • Wei Wei
  • Yabo Dong
  • Dongming Lu
  • Guang Jin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3994)

Abstract

In legitimate traffic the correlation exists between the outgoing traffic and incoming traffic of a server network because of the request-reply actions in most protocols. When DDoS attacks occur, the attackers send packets with faked source addresses. As a result, the outgoing traffic to the faked addresses does not induce any related incoming traffic. Our main idea is to find changes in the correlation caused by DDoS. We sample network traffics using Extended First Connection Density (EFCD), and express correlation by cross-correlation function. Because network traffic in DDoS-initiating stage is much similar to legitimate traffic, we use fuzzy classification in order to guarantee the accuracy. Experiments show that DDoS traffic can be identified accurately by our algorithm.

Keywords

Output Class Fuzzy Classification Incoming Traffic Outgoing Traffic False Positive Alarm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. Computer Communication Review 34(2), 39–53 (2004)CrossRefGoogle Scholar
  2. 2.
    Li, Q., Chang, E.C., Chan, M.C.: On the effectiveness of DDoS attacks on statistical filtering. In: Proceedings of IEEE INFOCOM 2005 (March 2005)Google Scholar
  3. 3.
    Hussain, A., Heidemann, J., Papadopoulos, C.: Identification of Repeated Denial of Service Attacks. In: Proceedings of IEEE INFOCOM 2006 (April 2006)Google Scholar
  4. 4.
    Lakhina, A., Crovella, M., Diot, C.: Mining Anomalies Using Traffic Feature Distributions. In: Proceedings of ACM SIGCOMM 2005 (August 2005)Google Scholar
  5. 5.
    Laura, F., Dan, S.: Statistical Approaches to DDoS Attack Detection and Response. In: Proceedings of DARPA Information Survivability Conference and Exposition, vol. 1, pp. 303–314 (2003)Google Scholar
  6. 6.
    Jin, S., Yeung, Y.D.: A covariance analysis model for DDoS attack detection. In: Proceedings of IEEE International Conference on Communications, vol. 4, pp. 1882–1886 (2004)Google Scholar
  7. 7.
    Li, L., Lee, G.: DDoS attack detection and wavelets. Computer Communications and Networks, 421–427 (2003)Google Scholar
  8. 8.
    Li, M.: An approach to reliably identifying signs of DDoS flood attacks based on LRD traffic pattern recognition. Computers and Security 23(7), 549–558 (2004)CrossRefGoogle Scholar
  9. 9.
    Xiang, Y., Lin, Y., Lei, W.L., Huang, S.J.: Detecting DDoS attack based on network self-similarity. IEEE Proceedings Communications 151(3), 292–295 (2004)CrossRefGoogle Scholar
  10. 10.
    Blazek, R., Kim, H., Rozovskii, B., Alexander, T.: A novel approach to detection of “denial–of–service” attacks via adaptive sequential and batch–sequential change–point detection methods. In: Proceedings of the 2001 IEEE Workshop on Information Assurance and Security United States Military Academy (2001)Google Scholar
  11. 11.
    Shon, T., Kim, Y., Lee, C.: Jongsub Moon: A machine learning framework for network anomaly detection using SVM and GA. In: Proceedings of Systems, Man and Cybernetics (SMC) Information Assurance Workshop, pp. 176–183 (2005)Google Scholar
  12. 12.
  13. 13.
    Box, G.E.P., Jenkins, G.M., Reinsel, G.C.: Time Series Analysis: Forecasting and Control, 3rd edn. Prentice Hall, Englewood Cliffs (1994)MATHGoogle Scholar
  14. 14.
    Ravi, V., Zimmermann, H.J.: Fuzzy rule based classification with FeatureSelector and modified threshold accepting. European Journal of Operational Research 123(1), 16–28 (2000)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Wei Wei
    • 1
  • Yabo Dong
    • 1
  • Dongming Lu
    • 1
  • Guang Jin
    • 2
  1. 1.College of Compute Science and TechnologyZhejiang UniversityHangzhouP.R. China
  2. 2.College of Information Science and EngineeringNingbo UniversityNingboP.R. China

Personalised recommendations