Detecting Distributed Denial of Service Attack Based on Address Correlation Value

Cheng Jieren; Yin Jianping; Liu Yun; Cai Zhiping; Li Min

Journal of Computer Research and Development > 2009 > 46(8): 1334-1340.

Cheng Jieren, Yin Jianping, Liu Yun, Cai Zhiping, Li Min. Detecting Distributed Denial of Service Attack Based on Address Correlation Value[J]. Journal of Computer Research and Development, 2009, 46(8): 1334-1340.

Citation:

PDF (810 KB)

Detecting Distributed Denial of Service Attack Based on Address Correlation Value

1(College of Computer, National University of Defense Technology, Changsha 410073) 2(Department of Mathematics, Xiangnan University, Chenzhou, Hunan 423000)

More Information

Published Date: August 14, 2009

Graphical Abstract

Abstract

Abstract

Detecting distributed denial of service (DDoS) attacks is currently a hot topic in the network security field. The characteristics of DDoS attacks and the existing methods to detect DDoS attacks are analyzed, and a novel detection scheme for DDoS attacks based on address correlation value (ACV) is proposed. ACV is designed to reflect the essential features of DDoS attacks, such as the abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. To increase the detection accuracy in various conditions, ACV time series are transformed into a multidimensional vector (MV) by estimating the auto regressive (AR) model parameters using the Yule-Walker method, and then MV is used to describe the state features of network flows. Furthermore, a support vector machine (SVM) classifier, which is trained by MV of ACV time series from normal flow and attack flow, is applied to classify the state of current network flow and identify the DDoS attacks. The experimental results show that ACV time series can be well used to characterize the different state features between DDoS attack flows and normal flows; the scheme can identify the state features of the abnormal flow due to the DDoS attacking flows, and detect DDoS attacks accurately and reduce the false positive drastically.
- network security,
- distributed denial of service attack,
- address correlation value,
- autoregressive model,
- support vector machine

FullText(HTML)

References (0)

[1]	Wang Jieting, Qian Yuhua, Li Feijiang, Liu Guoqing. Support Vector Machine with Eliminating the Random Consistency[J]. Journal of Computer Research and Development, 2020, 57(8): 1581-1593. DOI: 10.7544/issn1000-1239.2020.20200127
[2]	Guo Husheng, Wang Wenjian. A Support Vector Machine Learning Method Based on Granule Shift Parameter[J]. Journal of Computer Research and Development, 2013, 50(11): 2315-2324.
[3]	Ding Lizhong and Liao Shizhong. Approximate Model Selection on Regularization Path for Support Vector Machines[J]. Journal of Computer Research and Development, 2012, 49(6): 1248-1255.
[4]	Xiong Jinzhi, Xu Jianmin, and Yuan Huaqiang. Convergenceness of a General Formulation for Polynomial Smooth Support Vector Regressions[J]. Journal of Computer Research and Development, 2011, 48(3): 464-470.
[5]	Xu Peng, Liu Qiong, and Lin Sen. Internet Traffic Classification Using Support Vector Machine[J]. Journal of Computer Research and Development, 2009, 46(3): 407-414.
[6]	Xiong Jinzhi, Yuan Huaqiang, Peng Hong. A General Formulation of Polynomial Smooth Support Vector Machines[J]. Journal of Computer Research and Development, 2008, 45(8): 1346-1353.
[7]	Li Jie, Zhu Weile, Wang Lei. Texture Recognition Using the Wold Model and Support Vector Machines[J]. Journal of Computer Research and Development, 2007, 44(3).
[8]	Li Yingxin and Ruan Xiaogang. Feature Selection for Cancer Classification Based on Support Vector Machine[J]. Journal of Computer Research and Development, 2005, 42(10): 1796-1801.
[9]	Liu Xiangdong, Luo Bin, and Chen Zhaoqian. Optimal Model Selection for Support Vector Machines[J]. Journal of Computer Research and Development, 2005, 42(4): 576-581.
[10]	Wu Gaowei, Tao Qing, Wang Jue. Support Vector Machines Based on Posteriori Probability[J]. Journal of Computer Research and Development, 2005, 42(2): 196-202.