Efficient Detection of DDoS Attacks with Important Attributes

Wei Wang 1, Sylvain Gombault 2
1 DREAM - Diagnosing, Recommending Actions and Modelling
Inria Rennes – Bretagne Atlantique, IRISA-D7 - GESTION DES DONNÉES ET DE LA CONNAISSANCE
Abstract: DDoS attacks are major threats in current computer networks. However, DDoS attacks are difficult to detect quickly. In this paper, we introduce a system that extracts only several important attributes from network traffic for DDoS attack detection in real computer networks. We collect a large set of DDoS attack traffic by implementing various DDoS attacks, as well as normal data during normal usage. Information Gain and Chi-square methods are used to rank the importance of 41 attributes extracted from the network traffic with our programs. Bayesian networks and C4.5 are then employed to detect attacks and to determine how many attributes are appropriate for fast detection. Empirical results show that, using only the 9 most important attributes, the detection accuracy remains the same or even improves somewhat compared with using all 41 attributes, for both the Bayesian network and C4.5 methods. Using only several attributes also improves efficiency in terms of attribute construction, model training, and intrusion detection.
https://hal.archives-ouvertes.fr/hal-01833588
Contributor: Bibliothèque Télécom Bretagne
Submitted on: Monday, July 9, 2018 - 6:25:30 PM
Last modification on: Monday, February 25, 2019 - 3:14:05 PM

Citation

Wei Wang, Sylvain Gombault. Efficient Detection of DDoS Attacks with Important Attributes. CRISIS 2008 - Third International Conference on Risks and Security on Internet and Systems, Oct 2008, Tozeur, Tunisia. pp.61-67, ⟨10.1109/CRISIS.2008.4757464⟩. ⟨hal-01833588⟩
