DDoS attack detection method using cluster analysis

Expert Systems with Applications

Volumn 34, Issue 3, 2008, Pages 1659-1665

  Lee, Keunsoo ^a   Kim, Juhyun ^a   Kwon, Ki Hoon ^a   Han, Younggoo ^a   Kim, Sehun ^a  

^a Korea Advanced Institute of Science and Technology (KAIST)   (South Korea)

Author keywords

Cluster analysis; DDoS; Proactive detection; Security

Indexed keywords

CLUSTER ANALYSIS; COMPUTER ARCHITECTURE; DATABASE SYSTEMS; FEATURE EXTRACTION; SECURITY OF DATA;

DDOS ATTACK DETECTION METHOD; DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS; PROACTIVE DETECTION;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 37349125374     PISSN: 09574174     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.eswa.2007.01.040     Document Type: Article

References (24)

1. Akella, A. et al. (2003). Detecting DDoS Attacks on ISP Networks. In ACM SIGMOD/PODS Workshop on management and processing of data streams (MPDS) FCRC. .
2. Cabrera, J. B. D. et al. (2001). Proactive detection of distributed denial of service attacks using MIB traffic variables-A feasibility study. In Proceedings of the seventh IFIP/IEEE international symposium on integrated network management, Seattle, May, 1-14.
3. Computer Emergency Response Team (1999). Results of the distributed-systems intruder tools workshop. .
4. Criscuolo, P. J. (2000). Distributed denial of service Trin00, Tribe Flood Network, Tribe Flood Network 2000, and Stacheldraht CIAC-2319. Department of Energy Computer Incident Advisory (CIAC), UCRL-ID-136939, Rev. 1, Lawrence Livermore National Laboratory.
5. Feinstein, L. et al. (2003). Statistical approach to DDoS attack detection and response. In Proceedings of the DARPA information survivability conference and exposition (pp. 303-314).
6. Gavrilis D., and Dermatas E. Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features. Computer Networks 48 2 (2005) 235-245
7. Gowadia V., et al. PAID: A probabilistic agent-based intrusion detection system. Computers and Security 24 7 (2005) 529-545
8. Haykin S. Neural networks: A comprehensive foundation (1994), Predice Hall, Upper Saddle River, NJ
9. Houle K.J., and Weaver G.M. Trends in denial of service attack technology (2001), CERT and CERT Coordination Center, Carnegie Mellon University
10. Jeong S., et al. An effective DDoS attack detection and packet-filtering scheme. IEICE Transactions on Communications E89-B 7 (2006) 2033-2042
11. Johnson D.E. Applied multivariate method for data analysis (1998), Brooks/Core Publishing Co.
12. Jolliffe I.T. Principal component analysis (1986), Springer-Verlag, New York
13. Jung, J. & Krishnamurthy, B. (2002). Flash crowds and denial of service attacks: Characterization and implications for CDNs and web sites. In Proceedings of ACM conference on computer and communications security, May 30-41.
14. Kaufman L., and Rousseeuw P.J. Finding groups in data: An introduction to cluster analysis. Wiley series in probability and mathematical statistics (1990), John Wiley and Sons, Inc
15. Lee F.Y., and Shieh S. Defending against spoofed DDoS attacks with path fingerprint. Computers and Security 24 7 (2005) 571-586
16. Liao Y., and Vemuri R. Use of K-nearest neighbor classifier for intrusion detection. Computers and Security 21 5 (2001) 439-448
17. Lin S.C., and Tseng S.S. Constructing detection knowledge for DDoS intrusion tolerance. Expert Systems with Applications 27 (2004) 379-390
18. Mahajan R., et al. Controlling high bandwidth aggregates in the network. ACM Computer Communication Review 32 2 (2002) 62-73
19. MIT Lincoln Lab (2000). DARPA intrusion detection scenario specific datasets. .
20. SAS Institute. SAS/STAT user's guide, version 6. Fourth ed. Vol. 1 (1990), SAS Institute
21. Shannon C.E., and Weaver W. The mathematical theory of communication (1963), University of Illinois Press
22. Staniford-Chen, S. et al. (1998). GrIDS-A graph-based intrusion detection system for large networks. In The 19th national information systems security conference (pp. 361-370).
23. Stereilein, W. W. et al. (2002). Improved detection of low-profile probe and denial-of-service attacks. In Workshop on statistical and machine learning techniques in computer intrusion detection, Baltimore, Maryland, June 11-13.
24. Xu J., and Lee W. Sustaining availability of web services under distributed denial of service attacks. IEEE Transactions on Computers 52 2 (2003) 195-208