A change-point DDoS attack detection method based on half interaction anomaly degree
Online publication date: Fri, 10-Mar-2017
by Jieren Cheng; Xiangyan Tang; Jianping Yin
International Journal of Autonomous and Adaptive Communications Systems (IJAACS), Vol. 10, No. 1, 2017
Abstract: We propose a change-point DDoS attack detection method based on half interaction anomaly degree. In large-scale DDoS attacks, some key routing devices route a large volume of converged DDoS attack flows while also routing a large volume of normal traffic. As a result, current methods are strongly affected by the large volume of normal flows, which leads to high false positive and false negative rates. This paper proposes the concept of IP flow address half interaction anomaly degree (HIAD). We extract HIAD from abnormal flows in the network, transform the HIAD time series into CSTS using an improved cumulative sum (CUSUM) algorithm, and propose a CSTS-based DDoS attack detection (CDAD) method. Experiments show that the CDAD method can extract features of DDoS attack flows from abnormal flows and recognise DDoS attacks rapidly and effectively.