Time Series Similarity for Detecting DDoS Flooding Attack

Document Type : Novel Research Articles

Authors

Faculty of Computers and Information, Assiut University, Assiut, Egypt

Abstract

The Distributed Denial of Service (DDoS) attack is one of many types of attack that hit computer networks, and it is one of the main concerns of security specialists. A DDoS flooding attack prevents legitimate users from using their desired services by consuming the server's resources. It comes in many types depending on the targeted layer: for example, the SYN flooding attack and the UDP attack are launched against the network layer, while the HTTP flooding attack and the DNS attack are launched against the application layer. The DDoS flooding attack exploits a flaw in the internet routing system by flooding the server with packets bearing spoofed IP addresses. Because the internet routing infrastructure cannot discriminate between spoofed and legitimate packets, the use of spoofed IP addresses makes this attack difficult to detect. In this paper, we offer a new detection approach for DDoS flooding attacks based on time series similarity measurement. By computing the cost function value and comparing it with a modified adaptive threshold, legitimate and malicious traffic intervals can be clearly distinguished. Our results show the efficiency of the proposed detection approach through the obtained detection rates.
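The abstract does not name the similarity measure or the form of the threshold, so the following is an added illustration and not the paper's algorithm: it scores each traffic interval by its dynamic time warping (DTW) cost against the last legitimate interval and flags it when the cost exceeds an adaptive threshold. DTW, the EWMA mean plus k times deviation threshold, the `min_dev` floor, all constants and the sample data are assumptions.

```python
# Added example, not the paper's algorithm. Assumptions: DTW as the
# similarity cost, an EWMA mean + k*deviation threshold, all constants.

def dtw_cost(a, b):
    """Cumulative dynamic-time-warping cost between two count sequences."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)          # row 0 of the DTW matrix
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def detect(pps, window=5, beta=0.8, k=3.0, min_dev=25.0):
    """Return indices of intervals whose DTW cost exceeds the threshold."""
    wins = [pps[i:i + window] for i in range(0, len(pps) - window + 1, window)]
    if not wins:
        return []
    baseline, mean, dev, flagged = wins[0], None, 0.0, []
    for idx, w in enumerate(wins[1:], 1):
        cost = dtw_cost(baseline, w)
        # min_dev is a noise floor so a very quiet history cannot make the
        # threshold collapse onto the mean.
        if mean is not None and cost > mean + k * max(dev, min_dev):
            flagged.append(idx)            # attack interval: do not learn from it
            continue
        if mean is None:
            mean = cost                    # first observed cost seeds the mean
        else:
            dev = beta * dev + (1 - beta) * abs(cost - mean)
            mean = beta * mean + (1 - beta) * cost
        baseline = w                       # last legitimate interval is the reference
    return flagged

# Constructed packets-per-second samples: five quiet intervals, two flood
# intervals, then one recovery interval.
SAMPLE_PPS = [
    100, 104, 98, 101, 103,   99, 102, 105, 100, 97,
    101, 98, 103, 106, 100,   102, 100, 99, 104, 101,
    98, 103, 101, 100, 105,   450, 900, 950, 920, 880,
    910, 940, 900, 930, 915,  120, 101, 99, 103, 100,
]

if __name__ == "__main__":
    print(detect(SAMPLE_PPS))
```

Because flagged intervals never update the baseline or the threshold statistics, a sustained flood cannot gradually raise the threshold until it passes as normal traffic.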
