DocumentCode
2900759
Title
Real-Time Detection of Stealthy DDoS Attacks Using Time-Series Decomposition
Author
Liu, Haiqin ; Kim, Min Sik
Author_Institution
Sch. of Electr. Eng. & Comput. Sci., Washington State Univ., Pullman, WA, USA
fYear
2010
fDate
23-27 May 2010
Firstpage
1
Lastpage
6
Abstract
Recently, many new types of distributed denial of service (DDoS) attacks have emerged, posing a great challenge to intrusion detection systems. In this paper, we introduce a new type of DDoS attack called stealthy DDoS attacks, which can be launched by sophisticated attackers. Such attacks differ from traditional DDoS attacks in that previous detection methods cannot detect them effectively. In response to this type of DDoS attack, we propose a detection approach based on time-series decomposition, which divides the original time series into trend and random components. It then applies a double autocorrelation technique and an improved cumulative sum technique to the trend and random components, respectively, to detect anomalies in both components. By separately examining each component and synthetically evaluating the overall results, the proposed approach can greatly reduce not only false positives and negatives but also detection latency. In addition, to make our method more generally applicable, we apply an adaptive sliding window to our real-time algorithm. We evaluate the performance of the proposed approach using real Internet traces, demonstrating its effectiveness.
Keywords
Autocorrelation; Communications Society; Computer crime; Computer science; Degradation; Delay; History; Intrusion detection; Telecommunication traffic; Web and internet services;
fLanguage
English
Publisher
IEEE
Conference_Titel
Communications (ICC), 2010 IEEE International Conference on
Conference_Location
Cape Town, South Africa
ISSN
1550-3607
Print_ISBN
978-1-4244-6402-9
Type
conf
DOI
10.1109/ICC.2010.5501975
Filename
5501975