J4 ›› 2011, Vol. 33 ›› Issue (4): 1-7.doi: 10.3969/j.issn.1007130X.2011.
• 论文 • Next Articles
LIU Yun,YIN Jianping,CHENG Jieren,CAI Zhiping
Received:
Revised:
Online:
Published:
Abstract:
Distributed Increasingrate DenialofService (DIDoS) attacks gradually increase the sending rate of packets to exhaust the victim’s resources slowly, so DIDoS attacks have a higher concealment than the traditional DDoS attacks. How to detect DIDoS attacks as soon as possible is an urgent problem we should study. In view of the characteristics of DIDoS attacks, a novel approach for early detection based on an improved adaptive autoregressive (AAR) model is proposed. In this approach, a set of novel detection features based on the conditional entropy called the Traffic Feature Conditional Entropy (TFCE), are used to reflect the increase of DIDoS attack traffic rate. Then an improved AAR model is used to predict the multistep TFCE values. Finally a trained SVM classifier is adopted to identify the tendency of attacks by classifying the predicted TFCE values. The experimental results demonstrate that our approach can not only guarantee the comparative precision of detection but also detect DIDoS attacks more quickly than some existing approaches.
Key words: distributed increasingrate denialofservice attack;flow connection
LIU Yun,YIN Jianping,CHENG Jieren,CAI Zhiping. Distributed IncreasingRate DenialofService Attacks Based on an Improved AAR Model[J]. J4, 2011, 33(4): 1-7.
0 / / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://joces.nudt.edu.cn/EN/10.3969/j.issn.1007130X.2011.
http://joces.nudt.edu.cn/EN/Y2011/V33/I4/1
