Adaptive DDoS-event detection from big darknet traffic data

Authors: Nobuaki Furutani, Jun Kitazono, Seiichi Ozawa, Tao Ban, Junji Nakazato

DOI: 10.1007/978-3-319-26561-2_45

Abstract: This paper presents an adaptive large-scale monitoring system to detect Distributed Denial of Service (DDoS) attacks whose backscatter packets are observed on the darknet (i.e., unused IP address space). To classify DDoS backscatter, 17 traffic features are defined from the IP address and port information of the source and destination hosts. To adapt to changes in attacks, we newly implement an online learning function in the proposed system, where an SVM classifier is continuously retrained with the transformed features collected during a certain period. In the performance evaluation, we use the MWS Dataset 2014, which consists of darknet traffic collected from 1st January to 28th February (8 weeks). We demonstrate that the proposed system keeps good detection performance on test data (0.98 F-measure).
