Combining cross-correlation and fuzzy classification to detect distributed denial-of-service attacks

Authors: Wei Wei, Yabo Dong, Dongming Lu, Guang Jin

DOI: 10.1007/11758549_8

Keywords: Fuzzy logic; Correlation function (quantum field theory); Computer network; Fuzzy classification; Network traffic control; Denial-of-service attack; Network packet; Traffic generation model; Computer science; Traffic shaping

Abstract: In legitimate traffic the correlation exists between outgoing and incoming of a server network because of request-reply actions in most protocols. When DDoS attacks occur, attackers send packets with faked source addresses. As a result, to addresses does not induce any related traffic. Our main idea is to find changes caused by DDoS. We sample traffics using Extended First Connection Density (EFCD), express cross-correlation function. Because DDoS-initiating stage much similar traffic, we use fuzzy classification in order to guarantee accuracy. Experiments show that can be identified accurately by our algorithm.

References (14)
Qimino Li, Ee-Chien Chang, Mun Choon Chan. On the effectiveness of DDoS attacks on statistical filtering. International Conference on Computer Communications, vol. 2, pp. 1373-1383 (2005). DOI: 10.1109/INFCOM.2005.1498362
V. Ravi, H.-J. Zimmermann. Fuzzy rule based classification with FeatureSelector and modified threshold accepting. European Journal of Operational Research, vol. 123, pp. 16-28 (2000). DOI: 10.1016/S0377-2217(99)00090-9
Roger M. Needham. Denial of service: an example. Communications of the ACM, vol. 37, pp. 42-46 (1994). DOI: 10.1145/188280.188294
L. Li, G. Lee. DDoS attack detection and wavelets. International Conference on Computer Communications and Networks, pp. 421-427 (2003). DOI: 10.1109/ICCCN.2003.1284203
Jelena Mirkovic, Peter Reiher. A taxonomy of DDoS attack and DDoS defense mechanisms. ACM Special Interest Group on Data Communication, vol. 34, pp. 39-53 (2004). DOI: 10.1145/997150.997156
George Edward Pelham Box, Gwilym M. Jenkins. Time series analysis, forecasting and control (1970).
Y. Xiang, Y. Lin, W.L. Lei, S.J. Huang. Detecting DDOS attack based on network self-similarity. IEE Proceedings - Communications, vol. 151, pp. 292-295 (2004). DOI: 10.1049/IP-COM:20040526
Toeshik Shon, Yongdae Kim, Cheolwon Lee, Jongsub Moon. A machine learning framework for network anomaly detection using SVM and GA. Systems Man and Cybernetics, pp. 176-183 (2005). DOI: 10.1109/IAW.2005.1495950
A. Hussain, J. Heidemann, C. Papadopoulos. Identification of Repeated Denial of Service Attacks. IEEE International Conference Computer and Communications, pp. 1-15 (2006). DOI: 10.1109/INFOCOM.2006.126