Abstract
Distributed denial of service (DDoS) attack is one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing Algorithms to detect DDoS attacks, this paper proposes a novel detecting algorithm for DDoS attacks based on IP address features value (IAFV). IAFV is designed to reflect the essential DDoS attacks characteristics, such as the abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. IAFV time series can be used to characterize the essential change features of network flows. Furthermore, a trained support vector machine (SVM) classifier is applied to identify the DDoS attacks. The experimental results on the MIT data set show that our algorithm can detect DDoS attacks accurately and reduce the false alarm rate drastically.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Handley, M.: DoS-resistant Internet subgroup report. Internet Architecture WG. Tech. Rep. (2005), http://www.communications.net/object/download/1543/doc/mjh-dos-summary.pdf
Cheng, C.M., Kung, H.T., Tan, K.S.: Use of spectral analysis in defense against DoS attacks. In: Proceedings of IEEE GLOBECOM 2002, pp. 2143–2148 (2002)
Manikopoulos, C., Papavassiliou, S.: Network intrusion and fault detection: A statistical anomaly approach. IEEE Commun. Mag., 76–82 (2002)
Lakhina, A., Crovella, M., Diot, C.: Diagnosing Network-Wide Traffic Anomalies. In: Proceedings of ACM SIGCOMM, Portland, Oregon, USA (August 2004)
Kulkarni, A., Bush, S., Evans, S.: Detecting distributed denial-of-service attacks using Kolmogorov complexity metrics. GE Research & Development Center. Tech. Rep: Schectades, New York (2001)
Dongqing, Z., Haifeng, Z., Shaowu, Z., et al.: A DDoS Attack Detection Method Based on Hidden Markov Model. Journal of Computer Research and Development 42(9), 1594–1599 (2005)
Sanguk, N., Gihyun, J., Kyunghee, C., et al.: Compiling network traffic into rules using soft computing methods for the detection of flooding attacks. Applied Soft Computing, 1200–1210 (2008)
Gil, T.M., Poletto, M.: MULTOPS: A data-structure for bandwidth attack detection. In: Proceedings of the 10th USENIX Security Symposium (2001)
Wang, H., Zhang, D., Shin, K.G., Detecting, S.Y.N.: flooding attacks. In: Proceedings of IEEE INFOCOM, pp. 1530–1539 (2002)
Keunsoo, L., Juhyun, K., Ki, H.K., et al.: DDoS attack detection method using cluster analysis. Expert Systems with Applications, 1659–1665 (2008)
Abdelsayed, S., Glimsholt, D., Leckie, C., et al.: An efficient filter for denial-of service bandwidth attacks. In: Proceedings of the 46th IEEE GLOBECOM, pp. 1353–1357 (2003)
Lakhina, A., Crovella, M., Diot, C.: Mining Anomalies Using Traffic Feature Distributions. In: Proceedings of ACM SIGCOMM, Philadelphia, Pennsylvania, USA (2005)
Peng, T., Leckie, C., Kotagiri, R.: Proactively detecting distributed denial of service attacks using source ip address monitoring. In: Proceedings of the Third International IFIP-TC6 Networking Conference, pp. 771–782 (2004)
Kejie, L., Dapeng, W., Jieyan, F., et al.: Robust and efficient detection of DDoS attacks for large-scale internet. Computer Networks, 5036–5056 (2007)
Burger, C.: A tutorial on support vector machines for pattern recognition. Data Mining and Knowledge Discovery 2(2), 121–167 (1998)
Platt, J.: Sequential minimal optimization: A fast algorithm for training support vector machines. Microsoft Research, Tech Rep: MSR-TR-98-14 (1998)
http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/index.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheng, J., Yin, J., Liu, Y., Cai, Z., Li, M. (2009). DDoS Attack Detection Algorithm Using IP Address Features. In: Deng, X., Hopcroft, J.E., Xue, J. (eds) Frontiers in Algorithmics. FAW 2009. Lecture Notes in Computer Science, vol 5598. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02270-8_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-02270-8_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02269-2
Online ISBN: 978-3-642-02270-8
eBook Packages: Computer ScienceComputer Science (R0)