Accurate and reliable detection of DDoS attacks based on ARIMA-SWGARCH model

Cited by: 2
Authors
Raghavender K.V. [1, 2]
Premchand P. [3]
Affiliations
[1] Osmania University, Hyderabad
[2] Department of CSE, Malla Reddy Engineering College (Autonomous), Hyderabad, TS
[3] Department of CSE, University College of Engineering, Osmania University, Hyderabad
Keywords
ARIMA model; DDoS attacks; GARCH model; Model parameter estimation; Time series analysis; Traffic pattern analysis; White test
DOI
10.1504/IJICS.2021.113169
Abstract
DDoS attack detection is the process of finding the attacks happening on a network that cause continuous packet drops or losses. Accurate detection of DDoS is the most complex task due to varying network traffic traces and patterns. This is resolved in our previous work by introducing a method, namely the bandwidth flooding attack detection method. However, this method failed to perform better with varying traffic patterns and traces. This is resolved in this research work by introducing a method, namely the hybrid ARIMA-SWGARCH model, whose main goal is to detect DDoS attacks by analysing the varying measured network traffic. Here, initially, normalisation of the measured network patterns is done by using the Box-Cox transformation. Then the White test is performed to find the heteroscedasticity characteristics of the time series of traffic patterns. Then the hybrid ARIMA-SWGARCH model is applied to efficiently detect the DDoS attacks happening on the network. The overall evaluation of this method is conducted in the MATLAB simulation environment, from which it is proved that the proposed research method can ensure the optimal and reliable detection of DDoS attacks happening on the network. Copyright © 2021 Inderscience Enterprises Ltd.
Pages: 118 / 135
Page count: 17
Related papers
21 in total
  • [1] Beran J., Statistics for Long-Memory Processes, 61, (1994)
  • [2] Bhuyan M.H., Bhattacharyya D.K., Kalita J.K., An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection, Pattern Recognition Letters, 51, pp. 1-7, (2015)
  • [3] Bhuyan M.H., Bhattacharyya D.K., Kalita J.K., ELDAT: a lightweight system for DDoS flooding attack detection and IP traceback using extended entropy metric, Security and Communication Networks, 9, 16, pp. 3251-3270, (2016)
  • [4] Bonilla R.I., Abad C.L., Towards a real-time framework for monitoring IoT devices for attack detection: vision paper, Dependable, Autonomic and Secure Computing, 15th Intl. Conf. on Pervasive Intelligence & Computing, 3rd Intl. Conf. on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), 2017 IEEE 15th Intl, pp. 699-703, (2017)
  • [5] Du P., Abe S., IP packet size entropy-based scheme for detection of DoS/DDoS attacks, IEICE Transaction on Information and Systems, E91-D, 5, pp. 1274-1281, (2008)
  • [6] Harkins M.W., Managing Risk and Information Security: Protect to Enable, (2016)
  • [7] Jadhav P.N., Patil B.M., Low-rate DDOS attack detection using optimal objective entropy method, International Journal of Computer Applications, 78, 3, pp. 33-38, (2013)
  • [8] Kreutz D., Ramos F.M., Verissimo P.E., Rothenberg C.E., Azodolmolky S., Uhlig S., Software-defined networking: a comprehensive survey, Proceedings of the IEEE, 103, 1, pp. 14-76, (2015)
  • [9] Luo J., Yang X., Wang J., Xu J., Sun J., Long K., On a mathematical model for low-rate shrew DDoS, IEEE Transactions on Information Forensics and Security, 9, 7, pp. 1069-1083, (2014)
  • [10] Mansfield-Devine S., The growth and evolution of DDoS, Network Security, 2015, 10, pp. 13-20, (2015)