Title :
A covariance analysis model for DDoS attack detection
Author :
Jin, Shuyuan ; Yeung, Daniel S.
Author_Institution :
Dept. of Comput., Hong Kong Polytech. Univ., China
Abstract :
This paper discusses the effects of multivariate correlation analysis on DDoS detection and proposes an example, a covariance analysis model for detecting SYN flooding attacks. The simulation results show that this method is highly accurate in detecting malicious network traffic in DDoS attacks of different intensities. This method can effectively differentiate between normal and attack traffic. Indeed, this method can detect even very subtle attacks only slightly different from the normal behaviors. The linear complexity of the method makes its real-time detection practical. The covariance model in this paper to some extent verifies the effectiveness of multivariate correlation analysis for DDoS detection. Some open issues still exist in this model for further research.
Keywords :
computational complexity; computer networks; correlation methods; covariance analysis; telecommunication security; telecommunication services; telecommunication traffic; DDoS attack detection; attack traffic; covariance analysis model; distributed denial of service; flooding attacks; linear complexity; multivariate correlation analysis; network traffic; Clustering methods; Computational modeling; Computer crime; Entropy; Floods; Protocols; Statistical analysis; Telecommunication traffic; Traffic control; Web server;
Conference_Title :
Communications, 2004 IEEE International Conference on
Print_ISBN :
0-7803-8533-0
DOI :
10.1109/ICC.2004.1312847