Title :
Timeslot Monitoring Model for application layer DDoS attack detection
Author :
Choi, Y.S. ; Oh, J.T. ; Jang, J.S. ; Kim, I.K.
Author_Institution :
Managed Security Res. Team, Electron. & Telecommun. Res. Inst., Daejeon, South Korea
Date :
Nov. 29 2011-Dec. 1 2011
Abstract :
In this letter, a new model for application layer DDoS attack detection is proposed. With the proposed model, the profiles for a normal user's legitimate traffic pattern and a DDoS attack traffic pattern can be generated. We can detect the DDoS attack traffic with the generated profiles in a short period of time with little consumption of computing resources. We call this model a Timeslot Monitoring Model (TMM). In this model, we extract three key features from monitored network traffic that compose the profiles. The extracted features that can represent the continuity of the traffic are classified into normal or DDoS attack traffic by a support vector machine. As a consequence, the proposed method allows us to extract the attacker's IP address with very high detection rates.
Keywords :
IP networks; feature extraction; security of data; support vector machines; telecommunication security; telecommunication traffic; DDoS attack traffic pattern; TMM; application layer DDoS attack detection; attacker IP address extraction; key feature extraction; legitimate traffic pattern; monitored network traffic; support vector machine; timeslot monitoring model; Computer crime; Feature extraction; Floods; Monitoring; Protocols; Support vector machines; Telecommunication traffic;
Conference_Title :
Computer Sciences and Convergence Information Technology (ICCIT), 2011 6th International Conference on
Conference_Location :
Seogwipo
Print_ISBN :
978-1-4577-0472-7