A New Traffic Pattern Matching for DDoS Traceback Using Independent Component Analysis
暂无分享,去创建一个
Recently, Denial of Service(DoS) attacks and Distributed DoS(DDoS) attacks which are stronger form of DoS attacks from plural hosts have become security threats on the Internet. It is important to identify the attack source and to block attack traffic as one of the measures against these attacks. In general, it is difficult to identify them because information about the attack source is falsified. Therefore a method of identifying the attack source by tracing the route of the attack traffic is necessary. A traceback method which uses traffic patterns, using changes in the number of packets over time as criteria for the attack traceback has been proposed. The traceback method using the traffic patterns can trace the attack by matching the shapes of input traffic patterns and the shape of output traffic pattern observed at a network branch point such as a router. The traffic pattern is a shapes of traffic and unfalsifiable information. The proposed trace methods proposed till date cannot obtain enough tracing accuracy, because they directly use traffic patterns which are influenced by non-attack traffics. In this paper, a new traffic pattern matching method using Independent Component Analysis(ICA) is proposed. Keywords—Distributed Denial of Service, Independent Component Analysis, Traffic pattern
[1] Nei Kato,et al. Detecting and Tracing DDoS Attacks in the Traffic Analysis Using Auto Regressive Model , 2004, IEICE Trans. Inf. Syst..
[2] Kohei Ohta,et al. Detecting and tracing illegal access by using traffic pattern matching technique , 2004 .
[3] Kohei Ohta,et al. Thacing DDoS Attacks by Comparing Traffic Patterns Based on Quadratic Programming Method , 2002 .
[4] D. Chakrabarti,et al. A fast fixed - point algorithm for independent component analysis , 1997 .