A DDoS Detection Method for Socially Aware Networking Based on Forecasting Fusion Feature Sequence

Distributed Denial-of-Service (DDoS) is one of the most destructive network attacks. In Socially Aware Networking (SAN), there are many problems in current detection methods, such as low flexibility in detecting different attacks, high false-negative and false-positive rates. In this paper, we propose a DDoS detection method for SAN based on fusion feature series forecasting. Specifically, we define a multi-protocol-fusion feature (MPFF) to characterize normal network flows. Moreover, we utilize the time-series Autoregressive Integrated Moving Average Model (ARIMA) to formally describe the MPFF sequence, which is subsequently used in network flow forecasting and error calculation. Finally, we present the ARIMA detection model with error correction based on MPFF time series to identify DDoS in SAN. The experimental results show that the proposed method can effectively distinguish attacking flows from normal ones. Compared with previous DDoS detection methods for SAN, the proposed method can achieve better performance of detecting DDoS in terms of detection rate, false-positive rate and time delay.