DDoS Attack Detection and Wavelets |
| |
| Authors: | Lan Li Gyungho Lee |
| |
| Affiliation: | (1) Department of Electrical and Computer Engineering, University of Illinois at Chicago, 1020 SEO, S. Morgan st., Chicago, IL 60660, USA |
| |
| Abstract: | This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered a system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good indication of attack detection. Aggregated traffic has been found to be strong bursty across a wide range of time scales. Wavelet analysis is able to capture complex temporal correlation across multiple time scales with very low computational complexity. We utilize energy distribution based on wavelet analysis to detect DDoS attack traffic. Energy distribution over time will have limited variation if the traffic keeps its behavior over time (i.e. attack-free situation) while an introduction of attack traffic in the network will elicit significant energy distribution deviation in a short time period. Our experimental results with typical Internet traffic trace show that energy distribution variance markedly changes, causing a  spike when traffic behaviors are affected by DDoS attack. In contrast, normal traffic exhibits a remarkably stationary energy distribution. In addition, this spike in energy distribution variance can be captured in the early stages of an attack, far ahead of congestion build-up, making it an effective detection of the attack. |
| |
| Keywords: | distributed denial of service energy distribution traffic characterization wavelet analysis attack detection |
| 本文献已被 SpringerLink 等数据库收录! |
|
