A novel feature-based framework enabling multi-type DDoS attacks detection

journal contribution
posted on 2022-04-05, 00:00 authored by Lu Zhou, Ye Zhu, Yong Xiang, T Zong
Abstract

Distributed Denial of Service (DDoS) attacks are among the most severe threats in cyberspace. The existing methods are only designed to decide whether certain types of DDoS attacks are ongoing. As a result, they cannot detect other types of attacks, not to mention the even more challenging mixed DDoS attacks. In this paper, we comprehensively analyzed the characteristics of various types of DDoS attacks and innovatively proposed five new features from heterogeneous packets, including entropy rate of IP source flow, entropy rate of flow, entropy of packet size, entropy rate of packet size, and number of ICMP destination unreachable packets, to detect not only various types of DDoS attacks, but also the mixture of them. The experimental results show that the proposed five features ranked at the top compared with other common features in terms of effectiveness. Besides, by using these features, our proposed framework outperforms the existing methods when detecting various DDoS attacks and mixed DDoS attacks. The detection accuracy improvements over the existing methods are between 21% and 53%.

History

Journal

World Wide Web

Pagination

1 - 23

Publisher

Springer

Location

Berlin, Germany

ISSN

1386-145X

eISSN

1573-1413

Language

English

Publication classification

C1 Refereed article in a scholarly journal