An abnormal network flow feature sequence prediction approach for DDoS attacks detection in big data environment

Jieren Cheng, Ruomeng Xu, Xiangyan Tang, Victor S. Sheng, Canting Cai

Research output: Contribution to journalArticlepeer-review

119 Scopus citations

Abstract

Distributed denial-of-service (DDoS) is a rapidly growing problem with the fast development of the Internet. There are multitude DDoS detection approaches, however, three major problems about DDoS attack detection appear in the big data environment. Firstly, to shorten the respond time of the DDoS attack detector; secondly, to reduce the required compute resources; lastly, to achieve a high detection rate with low false alarm rate. In the paper, we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve aforementioned problems. We define a network flow abnormal index as PDRA with the percentage of old IP addresses, the increment of the new IP addresses, the ratio of new IP addresses to the old IP addresses and average accessing rate of each new IP address. We design an IP address database using sequential storage model which has a constant time complexity. The autoregressive integrated moving average (ARIMA) trending prediction module will be started if and only if the number of continuous PDRA sequence value, which all exceed an PDRA abnormal threshold (PAT), reaches a certain preset threshold. And then calculate the probability that is the percentage of forecasting PDRA sequence value which exceed the PAT. Finally we identify the DDoS attack based on the abnormal probability of the forecasting PDRA sequence. Both theorem and experiment show that the method we proposed can effectively reduce the compute resources consumption, identify DDoS attack at its initial stage with higher detection rate and lower false alarm rate.

Original languageEnglish
Pages (from-to)95-119
Number of pages25
JournalComputers, Materials and Continua
Volume55
Issue number1
DOIs
StatePublished - 2018

Keywords

  • ARIMA
  • Big data
  • DDoS attack
  • Time series prediction

Fingerprint

Dive into the research topics of 'An abnormal network flow feature sequence prediction approach for DDoS attacks detection in big data environment'. Together they form a unique fingerprint.

Cite this