Computer Engineering & Science >
Distributed IncreasingRate DenialofService Attacks Based on an Improved AAR Model
Received date: 2010-05-20
Revised date: 2010-10-26
Online published: 2011-04-25
Distributed Increasingrate DenialofService (DIDoS) attacks gradually increase the sending rate of packets to exhaust the victim’s resources slowly, so DIDoS attacks have a higher concealment than the traditional DDoS attacks. How to detect DIDoS attacks as soon as possible is an urgent problem we should study. In view of the characteristics of DIDoS attacks, a novel approach for early detection based on an improved adaptive autoregressive (AAR) model is proposed. In this approach, a set of novel detection features based on the conditional entropy called the Traffic Feature Conditional Entropy (TFCE), are used to reflect the increase of DIDoS attack traffic rate. Then an improved AAR model is used to predict the multistep TFCE values. Finally a trained SVM classifier is adopted to identify the tendency of attacks by classifying the predicted TFCE values. The experimental results demonstrate that our approach can not only guarantee the comparative precision of detection but also detect DIDoS attacks more quickly than some existing approaches.
LIU Yun,YIN Jianping,CHENG Jieren,CAI Zhiping . Distributed IncreasingRate DenialofService Attacks Based on an Improved AAR Model[J]. Computer Engineering & Science, 2011 , 33(4) : 1 -7 . DOI: 10.3969/j.issn.1007130X.2011.
[1]MirRovic J,Reiher P. Taxonomy of DDoS Attack and DDoS Defense Mechanisms[J].ACM SIGCOMM Computer Communication Review, 2004,34(2):3953.
[2]Kim Y, Lau W C, Chuah M C, et al. PacketScoreA StatisticsBased Packet Filtering Scheme Against Distributed DenialofService Attacks[J]. IEEE Transactions on Dependable and Secure Computing, 2006, 3(2):141155.
[3]孙庆东, 张德运,高鹏.基于时间序列分析的分布式拒绝服务攻击检测[J].计算机学报, 2005, 28(5):767773.
[4]周东清,张海锋,张绍武,等. 基于HMM的分布式拒绝服务攻击检测方法[J]. 计算机研究与发展,2005,42(9):15941599.
[5]Gupta K K, Nathn B, Kotagiri R. Layered Approach Using Conditional Random Fields for Intrusion Detection[J]. IEEE Transactions on Dependable and Secure Computing, 2010,7(1):3549.
[6]Haggerty J, Shi Q, Merabti M. Early Detection and Prevention of DenialofService Attacks a Novel Mechanism with Propagated TracedBack Attack Blocking[J]. IEEE Journal on Selected Areas in Communications, 2005, 23(10):19942002.
[7]Chen Y, Hwang K, Ku WS. Collaborative Detection of DDoS Attacks over Multiple Network Domains[J]. IEEE Transactions on Parallel and Distributed System,2007,18(12):16491662.
[8]Kumar K, Joshi R C, Singh K. A Distributed Approach using Entropy to Detect DDoS Attacks in ISP Domain[C]∥Proc of IEEE Int’l Conf on Signal Processing, Communications and Networking, 2007:331337.
[9]Kalman R E. A New Approach to Linear Filtering and Prediction Problems[J]. Transactions of the ASMEJournal of Basic Engineering, 1960, 82 (Series D):3545.
[10]Haykin S. Adaptive Filter Theory[M]. Englewood Cliff, NJ:PrenticeHall Inc, 1986.
[11]Su H W, Zhang L, Yu S. Shortterm Traffic Flow Prediction Based on Incremental Support Vector Regression[C]∥Proc of the 3rd Int’l Conf on Natural Computation ,2007:640645.
[12]http://www.ll.mit.edu/IST/ideval/data/1999/1999_data_index.html.
/
| 〈 |
|
〉 |