Abstract
Distributed denial of service (DDoS) attack is one of the major threats to the current Internet. The IP Flow feature value (FFV) algorithm is proposed based on the essential features of DDoS attacks, such as the abrupt traffic change, flow dissymmetry, distributed source IP addresses and concentrated target IP addresses. Using linear prediction technique, a simple and efficient ARMA prediction model is established for normal network flow. Then a DDoS attack detection scheme based on anomaly detection techniques and linear prediction model (DDAP) is designed. Furthermore, an alert evaluation mechanism is developed to reduce the false positives due to prediction error and flow noise. The experiment results demonstrate that DDAP is an efficient DDoS attacks detection scheme with more accuracy and lower false alarm rate. © 2009 Springer Berlin Heidelberg.
Author supplied keywords
Cite
CITATION STYLE
Cheng, J., Yin, J., Wu, C., Zhang, B., & Liu, Y. (2009). DDoS attack detection method based on linear prediction model. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5754 LNCS, pp. 1004–1013). https://doi.org/10.1007/978-3-642-04070-2_106
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
