A TRAFFIC COHERENCE ANALYSIS MODEL FOR DDOS ATTACK DETECTION

Hamza Rahmani, Nabil Sahli, Farouk Kamoun

2009

Abstract

Distributed Denial of Service (DDoS) attacks are a critical threat to the Internet, severely degrading its performance. A DDoS attack can be considered a system anomaly or misuse in which abnormal behaviour is imposed on network traffic. Network traffic characterization with behaviour modelling could be a good basis for attack detection, which can be performed via abnormal behaviour identification. In this paper, we focus on the design and evaluation of statistically automated attack detection. Our key idea is that, contrary to DDoS traffic, a flash crowd is characterized by a large increase not only in the number of packets but also in the number of IP connexions. The joint probability between the packet arrival process and the number of IP connexions process presents a good estimation of the degree of coherence between these two processes. Statistical distances between an observation time window and a reference time window are computed for joint probability values. We show and illustrate that anomalously large values observed on these distances betray major changes in the statistics of Internet time series and correspond to the occurrences of illegitimate anomalies.
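The following sketch of the coherence idea in the abstract is an added example, not code from the paper. The abstract does not name the quantisation or the distance, so the three rank-based levels per window, the Hellinger distance, the 0.4 threshold and all sample values are assumptions made here.

```python
from collections import Counter
from math import sqrt

LEVELS = 3  # assumed: low / medium / high, ranked within each window

def levels(series, k=LEVELS):
    """Rank-quantise one window's samples into k equal-population levels."""
    order = sorted(range(len(series)), key=lambda i: series[i])
    out = [0] * len(series)
    for rank, i in enumerate(order):
        out[i] = rank * k // len(series)
    return out

def joint_pmf(packets, connections):
    """Empirical joint probability of (packet level, connection level)."""
    cells = Counter(zip(levels(packets), levels(connections)))
    return {cell: n / len(packets) for cell, n in cells.items()}

def hellinger(p, q):
    """Hellinger distance between two pmfs: 0 = identical, 1 = disjoint."""
    bc = sum(sqrt(p.get(c, 0.0) * q.get(c, 0.0)) for c in set(p) | set(q))
    return sqrt(max(0.0, 1.0 - bc))

def coherence_distance(reference, observation):
    """Distance between the joint pmfs of a reference and an observation window."""
    return hellinger(joint_pmf(*reference), joint_pmf(*observation))

# Constructed samples, one value per time slot: (packets, new IP connections).
REF_CONN = [20, 22, 25, 30, 28, 24, 21, 23, 27, 29, 26, 31]
REFERENCE = ([10 * c for c in REF_CONN], REF_CONN)

# Flash crowd: connections surge and packets follow them.
FLASH_CONN = [30, 45, 70, 110, 160, 220, 300, 380, 450, 500, 520, 530]
FLASH_CROWD = ([11 * c for c in FLASH_CONN], FLASH_CONN)

# DDoS: a growing packet flood on top of an ordinary connection count.
DDOS_CONN = [31, 20, 28, 23, 25, 30, 21, 27, 24, 29, 22, 26]
DDOS = ([10 * c + 4000 * t for t, c in enumerate(DDOS_CONN)], DDOS_CONN)

THRESHOLD = 0.4  # assumed alarm threshold, not taken from the paper

def is_anomalous(observation):
    return coherence_distance(REFERENCE, observation) > THRESHOLD

if __name__ == "__main__":
    for name, window in (("flash crowd", FLASH_CROWD), ("ddos", DDOS)):
        d = coherence_distance(REFERENCE, window)
        print(f"{name}: distance={d:.3f} alarm={is_anomalous(window)}")
```

Ranking within each window is what keeps the flash crowd, where both series climb together, close to the reference, while the flood decouples packet level from connection level and pushes probability mass off the diagonal.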

Paper Citation


in Harvard Style

Rahmani H., Sahli N. and Kamoun F. (2009). A TRAFFIC COHERENCE ANALYSIS MODEL FOR DDOS ATTACK DETECTION. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 148-154. DOI: 10.5220/0002231901480154

in Bibtex Style

@conference{secrypt09,
author={Hamza Rahmani and Nabil Sahli and Farouk Kamoun},
title={A TRAFFIC COHERENCE ANALYSIS MODEL FOR DDOS ATTACK DETECTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={148-154},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002231901480154},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - A TRAFFIC COHERENCE ANALYSIS MODEL FOR DDOS ATTACK DETECTION
SN - 978-989-674-005-4
AU - Rahmani H.
AU - Sahli N.
AU - Kamoun F.
PY - 2009
SP - 148
EP - 154
DO - 10.5220/0002231901480154