Real-time detection of distributed denial-of-service attacks using RBF networks and statistical features

In this paper we present and evaluate a Radial-basis-function neural network detector for Distributed-Denial-of-Service(DDoS) attacks in public networks based on statistical features estimated in short-time window analysis of the incoming data packets. A small number of statistical descriptors were used to describe the DDoS attacks behaviour, and an accurate classification is achieved using the Radial-basis-function neural networks (RBF-NN). The proposed method is evaluated in a simulated public network and showed detection rate better than 98% of DDoS attacks using only three statistical features estimated from one window of data packets of 6 s length. The same type of experiments were carried out on a real network giving significantly better results: a 100% DDoS detection rate is achieved followed by a 0% of false alarm rate using different statistical descriptors and training conditions for the RBF-NN. (c) 2004 Elsevier B.V. All rights reserved.