Adaptive clustering with feature ranking for DDoS attacks detection
Version 2 2024-06-04, 04:13Version 2 2024-06-04, 04:13
Version 1 2017-07-27, 13:12Version 1 2017-07-27, 13:12
conference contribution
posted on 2024-06-04, 04:13 authored by L Zi, John YearwoodJohn Yearwood, XW WuDistributed Denial of Service (DDoS) attacks pose an increasing threat to the current internet. The detection of such attacks plays an important role in maintaining the security of networks. In this paper, we propose a novel adaptive clustering method combined with feature ranking for DDoS attacks detection. First, based on the analysis of network traffic, preliminary variables are selected. Second, the Modified Global K-means algorithm (MGKM) is used as the basic incremental clustering algorithm to identify the cluster structure of the target data. Third, the linear correlation coefficient is used for feature ranking. Lastly, the feature ranking result is used to inform and recalculate the clusters. This adaptive process can make worthwhile adjustments to the working feature vector according to different patterns of DDoS attacks, and can improve the quality of the clusters and the effectiveness of the clustering algorithm. The experimental results demonstrate that our method is effective and adaptive in detecting the separate phases of DDoS attacks. © 2010 IEEE.
History
Pagination
281-286Location
Melbourne, Vic.Publisher DOI
Start date
2010-09-01End date
2010-09-03ISBN-13
9780769541594Publication classification
EN.1 Other conference paperTitle of proceedings
Proceedings - 2010 4th International Conference on Network and System Security, NSS 2010Publisher
IEEEPlace of publication
Piscataway, N.J.Usage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorksRefWorks
BibTeXBibTeX
Ref. managerRef. manager
EndnoteEndnote
DataCiteDataCite
NLMNLM
DCDC