DDoS Detection Based on Second-Order Features and Machine Learning

In recent years, there appeared several new forms of DDoS attacks, such as DDoS using botnet, DNS Amplification attack and NTP Amplification attack, posing a great threat to network security and seriously affecting the stability and reliability of the network. Therefore, detecting the DDoS attacks accurately and timely has positive significance to mitigate DDoS attacks as soon as possible and reduce the impact of DDoS attacks. Previously, most of the researchers focused on extracting features of traffic and finding effective approaches to detect DDoS attack, while ignoring the correlativity between features. This paper applies second-order features to machine learning algorithms in order to study the correlativity between features and use sliding window mechanism to improve the model. We use KDD CUP 99 dataset for evaluating the methods. The evaluation results show that the correlativity between features can accurately differentiate DDoS attacks from normal traffic.

[1]  Kavé Salamatian,et al.  A Robust Anomaly Detection Technique Using Combined Statistical Methods , 2011, 2011 Ninth Annual Communication Networks and Services Research Conference.

[2]  Thomas M. Breuel,et al.  Anomaly detection by combining decision trees and parametric densities , 2008, 2008 19th International Conference on Pattern Recognition.

[3]  Hongsheng Xi,et al.  Hidden semi-Markov model for anomaly detection , 2008, Appl. Math. Comput..

[4]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[5]  Gabriel Maciá-Fernández,et al.  Anomaly-based network intrusion detection: Techniques, systems and challenges , 2009, Comput. Secur..

[6]  Ajith Abraham,et al.  Feature deduction and ensemble design of intrusion detection systems , 2005, Comput. Secur..

[7]  Rajagopalan Vijayasarathy,et al.  A system approach to network modeling for DDoS detection using a Naìve Bayesian classifier , 2011, 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011).

[8]  Xizhao Wang,et al.  Covariance-Matrix Modeling and Detecting Various Flooding Attacks , 2007, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.