Title: ON THE DETECTION OF DENIAL OF SERVICE ATTACKS USING CLUSTERING
Author(s): Yousra Chabchoub, Jan Neuzil
ISBN: 978-989-8533-45-6
Editors: Hans Weghorn
Year: 2015
Edition: Single
Keywords: Clustering, Kmeans, Dynamic Time Warping, SYN flooding
Type: Short Paper
First Page: 176
Last Page: 180
Language: English
Paper Abstract:

One of the biggest threats today in computer networks is the growth of P2P botnets, which are used to launch distributed denial of service attacks (DDoS attacks). These attacks cause service disruption of targeted servers, which become unable to handle incoming requests from legitimate users. Providers and owners of these services suffer from significant economic losses and decreasing reputation. Several methods have been proposed to identify and stop the attacks as soon as possible. In this paper, we focus on real-time detection of DDoS attacks using statistical and clustering techniques. We consider in particular the SYN flooding attack, which is the most common DDoS attack. The proposed algorithm is based on the well-known clustering algorithm Kmeans, along with the Dynamic Time Warping (DTW) metric to measure, with high flexibility, the similarity between the clusters. The centers of the clusters are updated using the efficient DTW Barycenter Averaging (DBA) method. The obtained algorithm is tested against real IP traffic containing some attacks. Results show that all the attacks are classified in one cluster and are detected within a short response time (of about 30 seconds).