Abstract
Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet. The IP Flow feature value (FFV) algorithm is proposed based on the essential features of DDoS attacks, such as abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. Using a linear prediction technique, a simple and efficient ARMA prediction model is established for normal network flow. Then a DDoS attack detection scheme based on anomaly detection techniques and the linear prediction model (DDAP) is designed. Furthermore, an alert evaluation mechanism is developed to reduce the false positives due to prediction error and flow noise. The experimental results demonstrate that DDAP is an efficient DDoS attack detection scheme with higher accuracy and a lower false alarm rate.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheng, J., Yin, J., Wu, C., Zhang, B., Liu, Y. (2009). DDoS Attack Detection Method Based on Linear Prediction Model. In: Huang, DS., Jo, KH., Lee, HH., Kang, HJ., Bevilacqua, V. (eds) Emerging Intelligent Computing Technology and Applications. ICIC 2009. Lecture Notes in Computer Science, vol 5754. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04070-2_106
DOI: https://doi.org/10.1007/978-3-642-04070-2_106
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04069-6
Online ISBN: 978-3-642-04070-2
eBook Packages: Computer Science, Computer Science (R0)