Anomaly Detection for DDoS Attacks via Behavior Profiles Deviation Degree
Distributed Denial-of-Service (DDoS) attacks present a very serious threat to the stability of the Internet.In this paper,an anomaly detection method for DDoS attacks via Behavior Profiles Deviation Degree (BPDD) is proposed.First,the behavior profiles of normal traffic and real-time traffic are constructed using Markov Chain respectively,and then BPDD is designed to measure the discrepancy of the two profiles.Furthermore,TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) algorithm is applied to identify attacks by classifying the BPDD samples.The experimental results demonstrate that the proposed method can effectively distinguish normal traffic from DDoS attacks,and has higher detection ratio and lower false alarm ratio than traditional methods.
anomaly detection behavior profile TCM-KNN algorithm
Yun Liu Jianping Yin Zhiping Cai Jiarun Lin
School of Computer, National University of Defense Technology, Changsha, China
国际会议
西安
英文
777-781
2012-08-24(万方平台首次上网日期,不代表论文的发表时间)