Probability principle of a reliable approach to detect signs of DDOS flood attacks

Abstract

Attentions are increasingly paid to reliable detection of intrusions as can be seen from [1, 2]. As a matter of fact, the challenge is to develop a system that detects close to 100 percent of attacks with minimal false positives. We are still far from achieving this goal [1, p. 28]. In this regard, our early work discusses a reliable approach regarding detection of signs of distributed denial-of-service (DDOS) attacks [3], where arrival time series of a protected site is specifically featured by autocorrelation function. As a supplementary to [3], this article specifically focuses on abstractly discussing probability principle involved in [3] such that the present probability principle of detection is flexible in practical applications. In addition to this, the selection of a threshold for a given detection probability is also given.