Distributed denial of service (DDoS) detection by traffic pattern analysis

Thapngam, Theerasak, Yu, Shui, Zhou, Wanlei and Makki, S.Kami 2014, Distributed denial of service (DDoS) detection by traffic pattern analysis, Peer-to-peer networking and applications, vol. 7, no. 4, pp. 346-358, doi: 10.1007/s12083-012-0173-3.

Attached Files
Name Description MIMEType Size Downloads

Title Distributed denial of service (DDoS) detection by traffic pattern analysis
Author(s) Thapngam, Theerasak
Yu, ShuiORCID iD for Yu, Shui orcid.org/0000-0003-4485-6743
Zhou, WanleiORCID iD for Zhou, Wanlei orcid.org/0000-0002-1680-2521
Makki, S.Kami
Journal name Peer-to-peer networking and applications
Volume number 7
Issue number 4
Start page 346
End page 358
Total pages 13
Publisher Springer New York LLC
Place of publication New York, N.Y.
Publication date 2014-12
ISSN 1936-6450
Keyword(s) anomaly detection
correlation coefficient
DDoS attacks
traffic patterns
Summary In this paper, we propose a behavior-based detection that can discriminate Distributed Denial of Service (DDoS) attack traffic from legitimated traffic regardless to various types of the attack packets and methods. Current DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission rates and packet forms to beat defense systems. These various attack strategies lead to defense systems requiring various detection methods in order to identify the attacks. Moreover, DDoS attacks can craft the traffics like flash crowd events and fly under the radar through the victim. We notice that DDoS attacks have features of repeatable patterns which are different from legitimate flash crowd traffics. In this paper, we propose a comparable detection methods based on the Pearson’s correlation coefficient. Our methods can extract the repeatable features from the packet arrivals in the DDoS traffics but not in flash crowd traffics. The extensive simulations were tested for the optimization of the detection methods. We then performed experiments with several datasets and our results affirm that the proposed methods can differentiate DDoS attacks from legitimate traffics.
Language eng
DOI 10.1007/s12083-012-0173-3
Field of Research 089999 Information and Computing Sciences not elsewhere classified
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category C1 Refereed article in a scholarly journal
Copyright notice ©2012, Springer
Persistent URL http://hdl.handle.net/10536/DRO/DU:30051387

Connect to link resolver
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 17 times in TR Web of Science
Scopus Citation Count Cited 22 times in Scopus
Google Scholar Search Google Scholar
Access Statistics: 816 Abstract Views, 7 File Downloads  -  Detailed Statistics
Created: Mon, 18 Mar 2013, 10:19:22 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.