@article{oai:miyazaki-u.repo.nii.ac.jp:00005889, author = {臼崎, 翔太郎 and Usuzaki, Shotaro and 臼﨑, 翔太郎 and Yamaba, Hisaaki and 山場, 久昭 and Aburada, Kentaro and 油田, 健太郎 and Okazaki, Naonobu and 岡崎, 直宣 and 臼崎, 翔太郎 and Usuzaki, Shotaro and 臼﨑, 翔太郎}, journal = {宮崎大学工学部紀要, Memoirs of Faculty of Engineering, University of Miyazaki}, month = {Jul}, note = {As the risk of DDoS attacks increases year by year, it is important to detect attacks in real time and quickly shift to attack mitigation processing. Entropy methods, which offer high detection accuracy and fast computation, are widely used as a DDoS attack detection approach to improve real-time performance. However, although a wide window size is recommended for the entropy method to reduce the influence of noise, increasing the window size not only degrades processing efficiency but also delays attack detection, because the interval between detection runs increases. In addition, for attack detection using entropy, it is important to learn the average and variance parameters from the latest data with a small degree of abnormality in order to determine the optimum threshold. Our method reduces the influence of noise while shortening the detection interval by applying an existing data mining method with efficient aggregation processing, and it sequentially learns the latest data, excluding periods of burst traffic, to adjust the parameters automatically. Experimental results show that our method achieves a Precision of up to 0.978 and an Accuracy of up to 0.992; these values are lower than the maximum of 1.0 obtained with the existing method, but the detection accuracy is still sufficient. On the other hand, on CICIDS 2017, the Precision was at most 0.790. Although our method extracted the attack observation period, in the future we need to calculate the abnormality for each host. In terms of processing time, the proposed method is faster than the 296μsec of the existing method. 
The performance is also higher than the basic entropy detection method. In future work, we need to evaluate the performance using real data traffic.}, pages = {167--181}, title = {リアルタイム性を考慮したエントロピーベースDDoS攻撃検知手法の提案}, volume = {48}, year = {2019}, yomi = {ウスザキ, ショウタロウ and ヤマバ, ヒサアキ and アブラダ, ケンタロウ and オカザキ, ナオノブ and ウスザキ, ショウタロウ} }