Open Access
FFSc: a novel measure for low‐rate and high‐rate DDoS attack detection using multivariate data analysis
Author(s) - Hoque Nazrul, Bhattacharyya Dhruba K., Kalita Jugal K.
Publication year - 2016
Publication title - Security and Communication Networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.1460
Subject(s) - denial of service attack , computer science , network packet , application layer ddos attack , traffic analysis , network security , internet traffic , intrusion detection system , measure (data warehouse) , the internet , computer network , computer security , data mining , world wide web
Abstract - A Distributed Denial of Service (DDoS) attack is a major security threat for networks and Internet services. Attackers can generate attack traffic similar to normal network traffic using sophisticated attacking tools. In such a situation, many intrusion detection systems fail to identify DDoS attacks in real time. However, DDoS attack traffic behaves differently from legitimate network traffic in terms of traffic features. Statistical properties of various features can be analyzed to distinguish the attack traffic from legitimate traffic. In this paper, we introduce a statistical measure called Feature Feature score for multivariate data analysis to distinguish DDoS attack traffic from normal traffic. We extract three basic parameters of network traffic, namely, entropy of source IPs, variation of source IPs, and packet rate to analyze the behavior of network traffic for attack detection. The method is validated using CAIDA DDoS 2007 and MIT DARPA datasets. Copyright © 2016 John Wiley & Sons, Ltd.