Chinese title (translated): Improving DDoS Source-End Detection Precision with a Multi-stream Combined HMM
Authors: Jian Kang, Qiang Li, Yuan Zhang, Zhuo Li
Venue: 2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)
Publication date: 2007-12-15
DOI: 10.1109/CIS.WORKSHOPS.2007.86 (https://doi.org/10.1109/CIS.WORKSHOPS.2007.86)
An Improvement on Precision in DDoS Source-End Detection with Multi-stream Combined HMM
A DDoS (distributed denial-of-service) attack detection system deployed in the source-end network is superior at perceiving and throttling attacks before the data flows enter the Internet, compared with one deployed in the victim network. However, existing source-end approaches are fragile and lead to high false-positive and false-negative rates. This paper proposes a novel approach that uses a multi-stream combined hidden Markov model (MC-HMM) for source-end DDoS detection, integrating multiple features simultaneously. The features include the S-D-P three-tuple, the TCP header flags, and the IP header ID field. In experiments, we compared our approach, which is based on multiple detection features, with other algorithms such as CUSUM and HMM. The results show that our approach effectively reduces the false-positive and false-negative rates and improves detection precision.