DDoS Attack Detection Method Based on Linear Prediction Model

  • Conference paper
Emerging Intelligent Computing Technology and Applications (ICIC 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5754)

Abstract

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet. The IP Flow feature value (FFV) algorithm is proposed based on the essential features of DDoS attacks, such as abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. Using a linear prediction technique, a simple and efficient ARMA prediction model is established for normal network flow. Then a DDoS attack detection scheme based on anomaly detection techniques and the linear prediction model (DDAP) is designed. Furthermore, an alert evaluation mechanism is developed to reduce the false positives due to prediction error and flow noise. The experimental results demonstrate that DDAP is an efficient DDoS attack detection scheme with higher accuracy and a lower false alarm rate.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cheng, J., Yin, J., Wu, C., Zhang, B., Liu, Y. (2009). DDoS Attack Detection Method Based on Linear Prediction Model. In: Huang, DS., Jo, KH., Lee, HH., Kang, HJ., Bevilacqua, V. (eds) Emerging Intelligent Computing Technology and Applications. ICIC 2009. Lecture Notes in Computer Science, vol 5754. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04070-2_106

  • DOI: https://doi.org/10.1007/978-3-642-04070-2_106

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04069-6

  • Online ISBN: 978-3-642-04070-2

  • eBook Packages: Computer Science, Computer Science (R0)
