Anomaly Detection for DDoS Attacks Based on Gini Coefficient

Cited by: 0
Authors
Liu, Yun
Jiang, Siyu
Huang, Jiuming
Affiliation
Source
PROCEEDINGS OF THE 2013 INTERNATIONAL CONFERENCE ON ADVANCED ICT AND EDUCATION | 2013 / Vol. 33
Keywords
anomaly detection; Gini coefficient; TCM-KNN algorithm;
DOI
Not available
Chinese Library Classification
TP18 [Artificial intelligence theory];
Subject classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Distributed Denial-of-Service (DDoS) attacks present a very serious threat to the stability of the Internet. In this paper, an anomaly detection method for DDoS attacks based on the Gini coefficient is proposed. First, the Gini coefficient is introduced to measure the inequalities of packet attribution (IP addresses and ports) distributions during attacks. Then, an improved TCM-KNN algorithm is applied to identify attacks by classifying the Gini coefficient samples extracted from real-time network traffic. The experimental results demonstrate that the proposed method can effectively distinguish DDoS attacks from normal traffic, and has a higher detection ratio and a lower false alarm ratio than similar detection methods.
Pages: 649 / 654
Page count: 6