Zhou Dongqing, Zhang Haifeng, Zhang Shaowu, Hu Xiangpei. A DDoS Attack Detection Method Based on Hidden Markov Model[J]. Journal of Computer Research and Development, 2005, 42(9): 1594-1599.

A DDoS Attack Detection Method Based on Hidden Markov Model

  • Published Date: September 14, 2005
  • The statistical characteristics of selected data packets show anomalies under distributed denial of service (DDoS) attacks, and detecting these anomalies is an important task. Some detection methods rely on a hypothesis about data packet rates; this hypothesis, however, is unreasonable in some situations. Other detection methods are based on statistics of IP addresses and data packet lengths, but their detection accuracy declines rapidly under IP spoofing attacks. In this paper, an HMM-based method for detecting DDoS attacks is presented. The method integrates four different detection models for different types of attack. The models are built from selected attributes of normal network data packets: the flag bits of TCP packets, the ports of UDP packets, and the type and code of ICMP packets. These packets are taken from normal audit data, so the models capture the statistical characteristics of normal network traffic. The models are then used to detect DDoS attacks by processing selected packets from the target audit data. Experimental results show that this method outperforms other reported DDoS detection methods in adaptability and detection accuracy.
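
The TCP-flag case from the abstract, as an added example that is not code from the paper: a hidden Markov model of normal flag sequences scores each target window with the forward algorithm and raises an alarm when the per-packet log-likelihood falls below a threshold calibrated on normal windows. The two hidden states, all probabilities, the `margin` value and the sample windows are assumptions constructed for illustration; the paper's trained parameters are not given on this page.

```python
import math

# Hypothetical 2-state HMM over TCP flag combinations; the parameters are
# illustrative stand-ins for a model trained on normal audit data.
# State 0 ~ connection setup/teardown, state 1 ~ data transfer.
START = [0.6, 0.4]
TRANS = [[0.30, 0.70], [0.15, 0.85]]
EMIT = [
    {"SYN": 0.25, "SYN-ACK": 0.25, "ACK": 0.25, "PSH-ACK": 0.02, "FIN-ACK": 0.20, "RST": 0.03},
    {"SYN": 0.01, "SYN-ACK": 0.01, "ACK": 0.50, "PSH-ACK": 0.45, "FIN-ACK": 0.02, "RST": 0.01},
]

def avg_log_likelihood(obs):
    """Scaled forward algorithm: log P(obs | model) per observed packet."""
    states = range(len(START))
    alpha = [START[s] * EMIT[s][obs[0]] for s in states]
    log_p = 0.0
    for t in range(len(obs)):
        if t > 0:  # propagate the state belief, then weight by the emission
            alpha = [sum(alpha[r] * TRANS[r][s] for r in states) * EMIT[s][obs[t]]
                     for s in states]
        scale = sum(alpha)                  # P(obs[t] | obs[:t])
        log_p += math.log(scale)
        alpha = [a / scale for a in alpha]  # rescale to avoid underflow
    return log_p / len(obs)

def calibrate(normal_windows, margin=0.5):
    """Threshold: lowest score on normal windows minus a safety margin."""
    return min(avg_log_likelihood(w) for w in normal_windows) - margin

def detect(windows, threshold):
    """True for each window whose score falls below the normal threshold."""
    return [avg_log_likelihood(w) < threshold for w in windows]

# Constructed sample data: flag sequences from normal sessions, then two
# target windows (one ordinary session, one run of bare SYNs).
NORMAL = [
    ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "ACK", "PSH-ACK", "ACK", "FIN-ACK", "ACK"],
    ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "PSH-ACK", "ACK", "ACK", "FIN-ACK", "ACK"],
    ["ACK", "PSH-ACK", "ACK", "PSH-ACK", "ACK", "ACK", "PSH-ACK", "ACK", "ACK"],
]
TARGET = [
    ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "ACK", "ACK", "PSH-ACK", "ACK", "ACK"],
    ["SYN"] * 9,
]

if __name__ == "__main__":
    threshold = calibrate(NORMAL)
    for window, alarm in zip(TARGET, detect(TARGET, threshold)):
        print(f"{avg_log_likelihood(window):6.2f}  alarm={alarm}  {window[:3]}...")
```

The score depends only on the flag sequence, not on source addresses, which is why a model of this kind is unaffected by IP spoofing.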
