Time Series Similarity for Detecting DDoS Flooding Attack | ||||
Assiut University Journal of Multidisciplinary Scientific Research | ||||
Volume 51, Issue 3, September 2022, Page 229-241 PDF (940.73 K) | ||||
Document Type: Novel Research Articles | ||||
DOI: 10.21608/aunj.2022.129373.1004 | ||||
![]() | ||||
Authors | ||||
Fatma Abd-Alhaleem Hussain ![]() | ||||
Faculty of Computers and Information, Assiut University, Assiut, Egypt | ||||
Abstract | ||||
Distributed Denial of Service attack (DDoS) is one of many types that hit computer networks. For security specialists, this attack is one of their main concerns. The DDoS flooding attack prevents the legitimate users from using their desired services by consuming the server resources. It includes many types depending on the targeted layer as example, SYN flooding attack and UDP attack are lunched into the network layer, while the HTTP flooding attack and DNS attack into the application layer. The DDoS flooding attack takes use of a flaw in the internet routing system by flooding the server with packets bearing faked IP addresses. Due to the internet routing infrastructure's inability to discriminate between spoofed and legitimate packets, using these spoofed IP addresses makes it difficult to detect this attack. Based on time series similarity measurement, we offer a new detection approach for DDoS flooding attacks in this paper. By computing the cost function value and by comparing this value with a modified adaptive threshold, legal and malicious traffic intervals can be clearly distinguished. Our results show the efficiency of the proposed detection approach through the obtained detection rates. | ||||
Keywords | ||||
DDoS Flooding; Time Series similarity; Dynamic Time Warping; Weighted Moving Average | ||||
Statistics Article View: 223 PDF Download: 217 |
||||