Abstract
This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good guidance of attack detection. Aggregated traffic has been found to be strong bursty across a wide range of time scales. Wavelet analysis is able to capture complex temporal correlation across multiple time scales with very low computational complexity. We utilize energy distribution based on wavelet analysis to detect DDoS attack traffic. Energy distribution over time would have limited variation if the traffic keeps its behavior over time (i.e. attack-free situation); while an introduction of attack traffic in the network would elicit significant energy distribution deviation in short time period. Our experimental results with typical Internet traffic trace show that energy distribution variance changes markedly causing a "spike" when traffic behaviors affected by DDoS attack In contrast, normal traffic exhibits a remarkably stationary energy distribution. In addition, this spike in energy distribution variance can be captured in early stage of attack, for ahead of congestion build-up, making it an effective attack detection.
Original language | English |
---|---|
Title of host publication | Proceedings - International Conference on Computer Communications and Networks, ICCCN |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 421-427 |
Number of pages | 7 |
Volume | 2003-January |
ISBN (Print) | 0780379454 |
DOIs | |
Publication status | Published - 2003 |
Externally published | Yes |
Event | 12th IEEE International Conference on Computer Communications and Networks, ICCCN 2003 - Dallas, United States Duration: 2003 Oct 20 → 2003 Oct 22 |
Other
Other | 12th IEEE International Conference on Computer Communications and Networks, ICCCN 2003 |
---|---|
Country/Territory | United States |
City | Dallas |
Period | 03/10/20 → 03/10/22 |
Keywords
- Computational complexity
- Computer crime
- Energy capture
- Filtering
- IP networks
- Power generation economics
- Telecommunication traffic
- Traffic control
- Wavelet analysis
- Web and internet services
ASJC Scopus subject areas
- Computer Networks and Communications
- Hardware and Architecture
- Software