The damage caused by DDoS (Distributed Denial-of-Service) attacks is a major threat to modern society. This damage is expected to grow, so an effective attack detection system is needed. In general, DDoS attack detection methods are roughly divided into a signature type and an anomaly type. The signature type has a signature database that stores patterns of attack packets. This method detects an attack by comparing the characteristics of each packet with the signatures every time a packet arrives. However, the more registered attack patterns there are, the more responsiveness decreases because of the computational complexity of pattern matching. The anomaly type, on the other hand, detects an attack using statistical information: for each window, it compares the statistical information of the current packet series with that of the normal case. However, it has a trade-off between detection accuracy and responsiveness. This is because the window size must be widened to improve detection accuracy, and the detection process is not performed until the window size is exceeded. To solve this problem, we propose an anomaly-based DDoS attack detection method using a data mining technique that can perform processing when an event occurs, while maintaining sufficient data necessary for detection processing. In this research, we evaluate the detection accuracy and the processing efficiency of the proposed method.
Journal title
宮崎大學工學部紀要
Volume
47
Pages
221 - 225
Publication date
2018-07
Publisher
宮崎大学工学部
Miyazaki University
Faculty of Engineering, University of Miyazaki