DDoS detection based on feature space modeling

Author

Jin, Shu-Yuan ; Yeung, Daniel S.

Author_Institution

Dept. of Comput., Hong Kong Polytech. Univ., Kowloon, China

Volume

7

fYear

2004

fDate

26-29 Aug. 2004

Firstpage

4210

Abstract

This work tries to use a feature space modeling methodology to identify DDoS attacks. Compared with the existing approaches, the proposed feature space presents a more general model in DDoS detection. It changes the non-separable attacks into separable cases and more importantly, it also allows the unknown attacks potentially being identified by their own features. To validate these claims, a classification algorithm is defined under this feature space. We use a subset in KDD Cup 1999 data in the experiments. The KDD Cup 1999 training dataset contains 6 different types of DDoS attacks and the testing dataset contains more 4 novel DDoS attacks. In detecting these 6 already known DDoS attacks and 4 novel DDoS attacks from the normal, we get a high detection rate under this feature space by using the proposed classification algorithm, which shows the discriminative abilities of the feature space.

Keywords

computer networks; covariance matrices; security of data; telecommunication security; KDD Cup training dataset; classification algorithm; covariance matrices; distributed denial of service attack identification; distributed denial of service detection; feature space modeling; Classification algorithms; Computer crime; Computer networks; Computer vision; Frequency; Intrusion detection; PROM; Performance analysis; Space exploration; Throughput;

fLanguage

English

Publisher

ieee

Conference_Titel

Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference on

Print_ISBN

0-7803-8403-2

Type

conf

DOI

10.1109/ICMLC.2004.1384578

Filename

1384578