By Topic

A Principal Components Analysis-Based Robust DDoS Defense System

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Huizhong Sun ; Polytech. Univ., Brooklyn, NY ; Yan Zhaung ; Chao, H.J.

One of the major threats to cyber security is the distributed denial-of-service (DDoS) attack. In our previous projects, PacketScore, ALPi, and other statistical filtering-based approaches defend DDoS attacks via fine-grain comparisons between the measured current traffic profile and the victim's nominal profile. These schemes can tackle virtually all kinds of DDoS attacks, even never-before-seen attack types, due to the underlying statistics-based adaptive differentiation. The viability of those aforementioned statistical filtering defense systems is based on the premise that attackers do not know the victim's nominal traffic profile and, thus, cannot fake legitimate traffic. However, a sophisticated DDoS attacker might circumvent the defense system by discovering the statistical filtering rules and then controlling zombies to generate flooding traffic according to these discovered rules. This type of sophisticated attack seriously threatens the current Internet and has not yet been solved. In this paper, we propose a principal components analysis (PCA)-based DDoS defense system, which extracts nominal traffic characteristics by analyzing intrinsic dependency across multiple attribute values. The PCA-based scheme differentiates attacking packets from legitimate ones by checking if the current traffic volume of the associated attribute value violates the intrinsic dependency of nominal traffic. The correlation among different attributes makes it more difficult for the attacker to accurately discover the statistic filtering rules and, thus, makes it highly robust to cope with new and more sophisticated attacks.

Published in:

Communications, 2008. ICC '08. IEEE International Conference on

Date of Conference:

19-23 May 2008