Abstract
In recent years, there appeared several new forms of DDoS attacks, such as DDoS using botnet, DNS Amplification attack and NTP Amplification attack, posing a great threat to network security and seriously affecting the stability and reliability of the network. Therefore, detecting the DDoS attacks accurately and timely has positive significance to mitigate DDoS attacks as soon as possible and reduce the impact of DDoS attacks. Previously, most of the researchers focused on extracting features of traffic and finding effective approaches to detect DDoS attack, while ignoring the correlativity between features. This paper applies second-order features to machine learning algorithms in order to study the correlativity between features and use sliding window mechanism to improve the model. We use KDD CUP 99 dataset for evaluating the methods. The evaluation results show that the correlativity between features can accurately differentiate DDoS attacks from normal traffic.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Yeung, D.S., Jin, S.: Covariance matrix modeling and detecting various flooding attacks. IEEE Trans. Syst. Man Cybern. Part A Syst. Hum. 13, 222–232 (2007)
Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 13, 222–232 (1987)
GarcÃa-Teodoro, P., DÃaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1–2), 18–28 (2009). ISSN: 0167-4048
Tan, X., Xi, H.: Hidden semi-markov model for anomaly detection. Appl. Math. Comput. 205(2), 562–567 (2008). ISSN: 0096-3003
Vijayasarathy, R., Raghavan, S.V., Ravindran, B.: A system approach to network modeling for DDoS detection using a Naïve Bayesian classifier. In: 2011 Third International Conference on Communication Systems and Networks (COMSNETS), pp. 1–10, 4–8 January 2011
Reif, M., Goldstein, M., Stahl, A., Breuel, T.M.: Anomaly detection by combining decision trees and parametric densities. In: 2008 19th International Conference on Pattern Recognition, ICPR 2008, pp. 1–4, 8–11 December 2008
Ndong, J., Salamatian, K.: A robust anomaly detection technique using combined statistical methods. In: Proceedings of the 2011 Ninth Annual Communication Networks and Services Research Conference (CNSR 2011). IEEE Computer Society, Washington, pp. 101–108
Chebrolu, S., Abraham, A., Thomas, J.P.: Feature deduction and ensemble design of intrusion detection systems. Comput. Secur. 24(4), 295–307 (2005)
Acknowledgement
This work is supported by the Natural Science Foundation of China (Grant No. 61202058).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
He, X., Jin, S., Yang, Y., Chi, H. (2015). DDoS Detection Based on Second-Order Features and Machine Learning. In: Yueming, L., Xu, W., Xi, Z. (eds) Trustworthy Computing and Services. ISCTCS 2014. Communications in Computer and Information Science, vol 520. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47401-3_26
Download citation
DOI: https://doi.org/10.1007/978-3-662-47401-3_26
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-47400-6
Online ISBN: 978-3-662-47401-3
eBook Packages: Computer ScienceComputer Science (R0)