Abstract
Recently, many attack detection methods have adopted machine learning algorithms to improve attack detection accuracy and to react to attacks automatically. However, previous mechanisms based on machine learning have disadvantages such as a high false positive rate and computing overhead. In this paper, we propose a new DDoS detection model based on multiple SVMs (Support Vector Machines) in order to reduce the false positive rate. We employ TRA (Traffic Rate Analysis) to analyze the characteristics of network traffic for DDoS attacks. Experimental results show that the proposed model is a highly useful classifier for detecting DDoS attacks.
This work was supported by the Ministry of Information Communication, Korea, under the Information Technology Research Center Support Program supervised by the IITA.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Seo, J., Lee, C., Shon, T., Cho, KH., Moon, J. (2005). A New DDoS Detection Model Using Multiple SVMs and TRA. In: Enokido, T., Yan, L., Xiao, B., Kim, D., Dai, Y., Yang, L.T. (eds) Embedded and Ubiquitous Computing – EUC 2005 Workshops. EUC 2005. Lecture Notes in Computer Science, vol 3823. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596042_100
DOI: https://doi.org/10.1007/11596042_100
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30803-4
Online ISBN: 978-3-540-32296-2
eBook Packages: Computer Science (R0)