
DDoS Attack Detection Algorithm Using IP Address Features

  • Conference paper
Frontiers in Algorithmics (FAW 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5598)


Abstract

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing algorithms for detecting them, this paper proposes a novel detection algorithm for DDoS attacks based on the IP address features value (IAFV). IAFV is designed to reflect the essential characteristics of DDoS attacks, such as abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. IAFV time series can be used to characterize the essential change features of network flows. Furthermore, a trained support vector machine (SVM) classifier is applied to identify DDoS attacks. The experimental results on the MIT data set show that our algorithm can detect DDoS attacks accurately and reduce the false alarm rate drastically.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cheng, J., Yin, J., Liu, Y., Cai, Z., Li, M. (2009). DDoS Attack Detection Algorithm Using IP Address Features. In: Deng, X., Hopcroft, J.E., Xue, J. (eds) Frontiers in Algorithmics. FAW 2009. Lecture Notes in Computer Science, vol 5598. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02270-8_22


  • DOI: https://doi.org/10.1007/978-3-642-02270-8_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02269-2

  • Online ISBN: 978-3-642-02270-8

  • eBook Packages: Computer Science, Computer Science (R0)
