TY - GEN
T1 - Linear Regression Based DDoS Attack Detection
AU - Barbhuiya, Sakil
AU - Kilpatrick, Peter
AU - S. Nikolopoulos, Dimitrios
PY - 2021/2/26
Y1 - 2021/2/26
N2 - DDoS attacks are increasing alongside the growth of web-based services. Existing research proposes a number of anomaly-based techniques which analyse network traffic to detect such attacks. However, these techniques typically raise a number of false positives, specifically due to the occurrence of spikes in the network traffic, which must be distinguished from genuine attacks. To reduce such false positives, we propose a linear regression based DDoS attack detection technique, which is based on the hypothesis that there is a positive correlation between average and standard deviation of the network throughput in a window-based time series, and this correlation is affected due to DDoS attacks. We evaluate the performance of the proposed technique by running experiments on real-world network traffic and the CAIDA DDoS attack 2007 dataset. We also compare the proposed technique against average and entropy based one class classification techniques, which represent the state-of-the-art linear classification techniques to detect DDoS attacks. Evaluation results demonstrate that the proposed linear regression based technique reduces the false positives significantly while maintaining the accuracy of attack detection.
U2 - 10.1145/3457682.3457769
DO - 10.1145/3457682.3457769
M3 - Conference contribution
T3 - 2021 13th International Conference on Machine Learning and Computing
BT - ICMLC 2021: 2021 13th International Conference on Machine Learning and Computing
PB - Association for Computing Machinery
ER -