Title :
An unsupervised approach for detecting DDOS attacks based on traffic-based metrics
Author :
Lu, Wei ; Traore, Issa
Author_Institution :
Dept. of Electr. & Comput. Eng., Victoria Univ., BC, Canada
Abstract :
Recently, distributed denial of service (DDoS) attacks have been widely used to compromise computer systems and a lot of free DDoS attacking tools can be easily obtained from the public network. Although many mechanisms were suggested to prevent DDoS attacks, most of them lack effectiveness and efficiency. Moreover, trace back and prevention for DDoS intrusions are almost impossible because of the distribution and large number of attacking hosts, and the difficulty of identifying their location due to source IP address spoofing. We define in this paper a new traffic-based metric named IPTraffic by studying the basic principle of DDoS attacks. An outlier detection algorithm based on Gaussian mixture model (GMM) is used to analyze the value of IPTraffic, and then make intrusion decisions according to the outlier detection result. We evaluate our approach on a live networking environment and the experimental results show that the proposed approach can not only detect DDoS attacks effectively but also provide an efficient response to these attacks.
Keywords :
Gaussian processes; IP networks; telecommunication security; telecommunication traffic; DDOS attacks; Gaussian mixture model; IP address spoofing; IPTraffic; computer systems; distributed denial of service attacks; traffic-based metrics; Algorithm design and analysis; Computer crime; Computer networks; Detection algorithms; Distributed computing; Intrusion detection; Telecommunication traffic; Traffic control;
Conference_Title :
Communications, Computers and Signal Processing, 2005. PACRIM. 2005 IEEE Pacific Rim Conference on
Print_ISBN :
0-7803-9195-0
DOI :
10.1109/PACRIM.2005.1517326