DDoS attack detection and wavelets

Lan Li, Gyungho Lee

Research output: Contribution to journalArticle

46 Citations (Scopus)

Abstract

This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered a system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good indication of attack detection. Aggregated traffic has been found to be strong bursty across a wide range of time scales. Wavelet analysis is able to capture complex temporal correlation across multiple time scales with very low computational complexity. We utilize energy distribution based on wavelet analysis to detect DDoS attack traffic. Energy distribution over time will have limited variation if the traffic keeps its behavior over time (i.e. attack-free situation) while an introduction of attack traffic in the network will elicit significant energy distribution deviation in a short time period. Our experimental results with typical Internet traffic trace show that energy distribution variance markedly changes, causing a "spike" when traffic behaviors are affected by DDoS attack. In contrast, normal traffic exhibits a remarkably stationary energy distribution. In addition, this spike in energy distribution variance can be captured in the early stages of an attack, far ahead of congestion build-up, making it an effective detection of the attack.

Original languageEnglish
Pages (from-to)435-451
Number of pages17
JournalTelecommunication Systems
Volume28
Issue number3-4
DOIs
Publication statusPublished - 2005 Mar

Keywords

  • Attack detection
  • Distributed denial of service
  • Energy distribution
  • Traffic characterization
  • Wavelet analysis

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'DDoS attack detection and wavelets'. Together they form a unique fingerprint.

  • Cite this