By Topic

Timeslot Monitoring Model for application layer DDoS attack detection

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Choi, Y.S. ; Managed Security Res. Team, Electron. & Telecommun. Res. Inst., Daejeon, South Korea ; Oh, J.T. ; Jang, J.S. ; Kim, I.K.

In this letter, a new model for application layer DDoS attack detection is proposed. With the proposed model, the profiles for a normal user's legitimate traffic pattern and a DDoS attack traffic pattern can be generated. We can detect the DDoS attack traffic with the generated profiles in a short period of time with little consumption of computing resources. We call this model a Timeslot Monitoring Model (TMM). In this model, we extract three key features from monitored network traffic that compose the profiles. The extracted features that can represent the continuity of the traffic are classified into normal or DDoS attack traffic by a support vector machine. As a consequence, the proposed method allows us to extract the attacker's IP address with very high detection rates.

Published in:

Computer Sciences and Convergence Information Technology (ICCIT), 2011 6th International Conference on

Date of Conference:

Nov. 29 2011-Dec. 1 2011