Computer Science ›› 2014, Vol. 41 ›› Issue (3): 176-180.


DDoS Attacks Detection Method Based on Traffic Matrix and Kalman Filter

YAN Ruo-yu   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Distributed Denial of Service (DDoS) attack traffic often places an unbearable burden on routers, so a new DDoS attack detection method is proposed to relieve that burden and to detect attacks quickly and accurately. In this method, a traffic matrix between the ports of the router is first constructed to precisely describe the aggregation characteristics of DDoS attack traffic. A Kalman filter is then applied to estimate the traffic matrix, and a Generalized Likelihood Ratio (GLR) statistical test is used to detect traffic anomalies. After that, each router port is judged as to whether it is under DDoS attack. Finally, a simulation experiment with actual data compares the method with the PCA method and shows that the proposed method has a higher detection rate, a lower false alarm rate and a smaller detection lag time.

Key words: Distributed denial of service, Kalman filter, Anomaly detection, Traffic analysis, Traffic matrix
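
The pipeline the abstract outlines (port-to-port traffic matrix, Kalman estimate, GLR test, per-port judgement), as an added example that is not the paper's own code. It assumes an independent random-walk Kalman filter for each matrix entry, a GLR test for a mean shift in the normalised innovations, and a rule that flags an egress port once at least two ingress ports alarm; the noise variances, window, threshold and traffic data are constructed.

```python
from collections import deque

Q, R = 1.0, 40.0   # assumed process / measurement noise variances
W, H = 5, 12.0     # assumed GLR window length and alarm threshold
MIN_SOURCES = 2    # ingress ports that must alarm before an egress port is flagged

def glr(z):
    """GLR statistic for a mean shift of unknown size and onset in unit-variance innovations."""
    best = s = 0.0
    for k, v in enumerate(reversed(z), 1):  # hypothesis: shift began k samples ago
        s += v
        best = max(best, s * s / (2 * k))
    return best

def detect(series):
    """series: list of n x n matrices, entry [i][j] = traffic from ingress i to egress j.
    Returns {egress_port: index of first interval in which it is flagged}."""
    n = len(series[0])
    xhat = [row[:] for row in series[0]]    # state estimate per matrix entry
    P = [[R] * n for _ in range(n)]         # estimate variance per entry
    win = [[deque(maxlen=W) for _ in range(n)] for _ in range(n)]
    first = {}
    for t, Y in enumerate(series[1:], 1):
        for j in range(n):
            alarms = 0
            for i in range(n):
                p_pred = P[i][j] + Q        # random-walk prediction step
                S = p_pred + R              # innovation variance
                e = Y[i][j] - xhat[i][j]    # innovation (prediction error)
                K = p_pred / S              # Kalman gain
                xhat[i][j] += K * e
                P[i][j] = (1 - K) * p_pred
                win[i][j].append(e / S ** 0.5)
                alarms += glr(win[i][j]) > H
            if alarms >= MIN_SOURCES:       # traffic aggregating onto egress port j
                first.setdefault(j, t)
    return first

def constructed_traffic(steps=60, n=4, onset=30, victim=2):
    """Constructed data: baseline 100 with bounded jitter, +80 toward `victim` from `onset`."""
    out = []
    for t in range(steps):
        m = [[100 + 2 * ((7 * t + 3 * i + 5 * j) % 11 - 5) for j in range(n)] for i in range(n)]
        for i in range(n):
            if t >= onset and i != victim:
                m[i][victim] += 80
        out.append(m)
    return out

if __name__ == "__main__":
    print(detect(constructed_traffic()))
```

Because the random-walk filter absorbs a sustained shift within a few intervals, the alarm is raised at the onset of the change; a deployment would normally freeze the filter update for an entry while it is in the alarmed state.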

