Anomaly Detection for DDoS Attacks via Behavior Profiles Deviation Degree

Abstract:

Distributed Denial-of-Service (DDoS) attacks present a very serious threat to the stability of the Internet. In this paper, an anomaly detection method for DDoS attacks via Behavior Profiles Deviation Degree (BPDD) is proposed. First, the behavior profiles of normal traffic and of real-time traffic are each constructed using a Markov chain, and BPDD is then designed to measure the discrepancy between the two profiles. Furthermore, the TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) algorithm is applied to identify attacks by classifying the BPDD samples. The experimental results demonstrate that the proposed method can effectively distinguish normal traffic from DDoS attacks, and has a higher detection ratio and a lower false alarm ratio than traditional methods.
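The pipeline the abstract describes, as an added Python sketch that is not the paper's code: Markov-chain profiles, a deviation score per traffic window, and a TCM-KNN p-value test. Assumptions: `deviation()` is a stand-in metric (mean total-variation distance between transition rows), not the paper's BPDD formula; the strangeness measure is a one-class form (sum of the k nearest distances); all traffic data is constructed.

```python
# Added illustration: Markov-chain traffic profiles, a deviation score, TCM-KNN.
# ASSUMPTION: deviation() is a stand-in metric, not the paper's BPDD formula.

def transition_matrix(states, n_states, smooth=1.0):
    """Row-stochastic first-order Markov profile with additive smoothing."""
    counts = [[smooth] * n_states for _ in range(n_states)]
    for a, b in zip(states, states[1:]):
        counts[a][b] += 1
    return [[c / sum(row) for c in row] for row in counts]

def deviation(normal_p, live_p):
    """Mean total-variation distance between matching rows (assumed metric)."""
    rows = zip(normal_p, live_p)
    return sum(0.5 * sum(abs(x - y) for x, y in zip(r, s)) for r, s in rows) / len(normal_p)

def strangeness(x, others, k):
    """One-class TCM-KNN strangeness (assumed form): sum of the k smallest distances."""
    return sum(sorted(abs(x - o) for o in others)[:k])

def p_value(x, train, k=3):
    """Fraction of samples (training plus x) that are at least as strange as x."""
    a_new = strangeness(x, train, k)
    a_train = [strangeness(t, train[:i] + train[i + 1:], k) for i, t in enumerate(train)]
    return (sum(a >= a_new for a in a_train) + 1) / (len(train) + 1)

# Constructed data: states are packet-rate buckets (0=low, 1=medium, 2=high).
N_STATES, WINDOW = 3, 60
PATTERN = [0, 0, 1, 0, 1, 1, 2, 1, 0, 1, 2, 1, 0]
normal = [PATTERN[t % len(PATTERN)] for t in range(25 * WINDOW)]
windows = [normal[i:i + WINDOW] for i in range(0, len(normal), WINDOW)]
train_windows, held_out = windows[:24], windows[24]
flood = [2, 2, 2, 2, 1] * 12  # constructed: rate pinned near the top bucket

# Normal-traffic profile, built from the 24 training windows only.
baseline = transition_matrix(normal[:24 * WINDOW], N_STATES)

def score(window):
    """Deviation of a real-time window's profile from the normal profile."""
    return deviation(baseline, transition_matrix(window, N_STATES))

train_scores = [score(w) for w in train_windows]

def is_attack(window, significance=0.05):
    """Flag the window when its p-value falls below the significance level."""
    return p_value(score(window), train_scores) < significance

if __name__ == "__main__":
    for name, w in (("held-out normal", held_out), ("flood", flood)):
        print(name, round(score(w), 3), p_value(score(w), train_scores), is_attack(w))
```

With 24 training samples the smallest attainable p-value is 1/25, so the 0.05 significance level is only usable once the normal training set holds at least 20 windows.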

Info:

Periodical:

Advanced Materials Research (Volumes 532-533)

Pages:

777-781

Online since:

June 2012

Copyright:

© 2012 Trans Tech Publications Ltd. All Rights Reserved
