Abstract
In the last several years, DDoS attack methods have become more sophisticated and effective, and DDoS attacks have therefore become more difficult to detect. To cope with these problems, there has been much research on DDoS detection mechanisms. However, the common shortcoming of previous detection mechanisms is that they cannot detect new attacks. In this paper, we propose a new DDoS detection model based on Support Vector Machine (SVM). The proposed model uses SVM to automatically detect new DDoS attacks and uses Concentration Tendency of Network Traffic (CTNT) to analyze the characteristics of network traffic for DDoS attacks. Experimental results show that the proposed model can be highly useful for detecting various DDoS attacks.
This work was supported by the Ministry of Information Communication, Korea, under the Information Technology Research Center Support Program supervised by the IITA.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Seo, J., Lee, C., Shon, T., Moon, J. (2005). SVM Approach with CTNT to Detect DDoS Attacks in Grid Computing. In: Zhuge, H., Fox, G.C. (eds) Grid and Cooperative Computing - GCC 2005. GCC 2005. Lecture Notes in Computer Science, vol 3795. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11590354_7
DOI: https://doi.org/10.1007/11590354_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30510-1
Online ISBN: 978-3-540-32277-1
eBook Packages: Computer Science, Computer Science (R0)