DocumentCode :
3580938
Title :
Traffic anomaly detection in DDos flooding attack
Author :
Purwanto, Yudha ; Kuspriyanto ; Hendrawan ; Rahardjo, Budi
Author_Institution :
Bandung Institute of Technol., Bandung, Indonesia
fYear :
2014
Firstpage :
1
Lastpage :
6
Abstract :
Research has been conducted to overcome Distributed Denial of Service (DDoS) flooding attacks. Besides signature-based detection, anomaly-based detection is also used to detect the attack. Several methods such as statistics, information theory, data mining and forecasting have been proposed. Several studies focused only on detecting the traffic anomaly, but not on recognizing the types of anomaly that were detected, such as flashcrowd, types of botnet, types of DDoS, and prevention action. In this paper we categorize anomaly traffic detection systems based on process and capability focus. The anomaly detection system process includes traffic features, preprocessing, and the detection process. Capability focus is based on each main research problem to be solved: detecting only the anomaly, types of anomaly, and prevention systems that include a process to overcome the attack. At the end of the paper, we provide an overview of research directions and opportunities that may be pursued in future research.
Keywords :
data mining; security of data; statistical analysis; DDos flooding attack; anomaly based detection; data mining; distributed denial-of-service attack; forecasting method; information theory; signature based detection; statistic method; traffic anomaly detection; traffic detection process; traffic feature; traffic preprocessing; Conferences; Entropy; Feature extraction; Floods; Forecasting; Quality of service; Servers; DDoS; anomaly detection; botnet; flashcrowd; prevention;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Telecommunication Systems Services and Applications (TSSA), 2014 8th International Conference on
Type :
conf
DOI :
10.1109/TSSA.2014.7065953
Filename :
7065953
Link To Document :