Skip to main content
Conference ProceedingsOPEN ACCESS

Combining cross-correlation and fuzzy classification to detect distributed denial-of-service attacks

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2006) 3994 LNCS - IV 57-64
DOI: 10.1007/11758549_8
8Citations
Citations of this article
11Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

In legitimate traffic the correlation exists between the outgoing traffic and incoming traffic of a server network because of the request-reply actions in most protocols. When DDoS attacks occur, the attackers send packets with faked source addresses, As a result, the outgoing traffic to the faked addresses does not induce any related incoming traffic, Our main idea is to find changes in the correlation caused by DDoS. We sample network traffics using Extended First Connection Density (EFCD), and express correlation by cross-correlation function, Because network traffic in DDoS-initiating stage is much similar to legitimate traffic, we use fuzzy classification in order to guarantee the accuracy. Experiments show that DDoS traffic can be identified accurately by our algorithm. © Springer-Verlag Berlin Heidelberg 2006.

Cite

CITATION STYLE

APA

Wei, W., Dong, Y., Lu, D., & Jin, G. (2006). Combining cross-correlation and fuzzy classification to detect distributed denial-of-service attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3994 LNCS-IV, pp. 57–64). Springer Verlag. https://doi.org/10.1007/11758549_8

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free