Details

Autor(en) / Beteiligte

• Liu, Lei
• Jin, Xiaolong
• Min, Geyong
• Xu, Li

Titel

Anomaly diagnosis based on regression and classification analysis of statistical traffic features

Ist Teil von

• Security and communication networks, 2014-09, Vol.7 (9), p.1372-1383

Ort / Verlag

London: Blackwell Publishing Ltd

Erscheinungsjahr

2014

Link zum Volltext

Quelle

Electronic Journals Library

Beschreibungen/Notizen

• ABSTRACT Traffic anomalies caused by Distributed Denial‐of‐Service (DDoS) attacks are major threats to both network service providers and legitimate customers. The DDoS attacks regularly consume and exhaust the resources of victims and hence result in abnormal bursty traffic through end‐user systems. Additionally, malicious traffic aggregated into normal traffic often show dramatic changes in the traffic nature and statistical features. This study focuses on early detection of traffic anomalies caused by DDoS attacks in light of analyzing the network traffic behavior. Key statistical features including variance, autocorrelation, and self‐similarity are employed to characterize the network traffic. Further, artificial neural network and support vector machine subject to the performance metrics are employed to predict and classify the abnormal traffic. The proposed diagnosis mechanism is validated through experiments where the datasets consist of two groups. The first group is the Massachusetts Institute of Technology Lincoln Laboratory dataset containing labeled DoS attack. The second group collected from DDoS attack simulation experiments covers three representative traffic shapes resulting from the dynamic attack rate configuration, namely, constant intensity, ramp‐up behavior, and pulsing behavior. The experimental results demonstrate that the developed mechanism can effectively and precisely alert the abnormal traffic within short response period. Copyright © 2013 John Wiley & Sons, Ltd. DDos attacks cause significant changes in traffic shape and its statistic features. Multi traffic statistic features can be used to spot the attack traffic in light of classification and regression theories.