DDoS discrimination by linear discriminant analysis (LDA)
conference contribution
posted on 2012-01-01, 00:00authored byTheerasak Thapngam, Shui Yu, Wanlei Zhou
In this paper, we propose an effective approach with a supervised learning system based on Linear Discriminant Analysis (LDA) to discriminate legitimate traffic from DDoS attack traffic. Currently there is a wide outbreak of DDoS attacks that remain risky for the entire Internet. Different attack methods and strategies are trying to challenge defence systems. Among the behaviours of attack sources, repeatable and predictable features differ from source of legitimate traffic. In addition, the DDoS defence systems lack the learning ability to fine-tune their accuracy. This paper analyses real trace traffic from publicly available datasets. Pearson's correlation coefficient and Shannon's entropy are deployed for extracting dependency and predictability of traffic data respectively. Then, LDA is used to train and classify legitimate and attack traffic flows. From the results of our experiment, we can confirm that the proposed discrimination system can differentiate DDoS attacks from legitimate traffic with a high rate of accuracy.
History
Event
Computing, Networking and Communications. Conference (2012 : Maui, Hawaii)