Ddos detection and traceback with decision tree and grey relational analysis

Yi Chi Wu; Huei Ru Tseng; Wuu Yang; Rong Hong Jan

doi:10.1504/IJAHUC.2011.038998

Ddos detection and traceback with decision tree and grey relational analysis

Yi Chi Wu, Huei Ru Tseng, Wuu Yang^*, Rong Hong Jan

^*Corresponding author for this work

Department of Computer Science

Research output: Contribution to journal › Article › peer-review

58 Scopus citations

Abstract

In Distributed Denial-of-Service (DDoS) Attack, an attacker breaks into many innocent computers (called zombies). Then, the attacker sends a large number of packets from zombies to a server, to prevent the server from conducting normal business operations. We design a DDoS-detection system based on a decision-tree technique and, after detecting an attack, to trace back to the attacker's locations with a traffic-flow pattern-matching technique. Our system could detect DDoS attacks with the false positive ratio about 1.2-2.4%, false negative ratio about 2-10%, and find the attack paths in traceback with the false negative rate 8-12% and false positive rate 12-14%.

Original language	English
Pages (from-to)	121-136
Number of pages	16
Journal	International Journal of Ad Hoc and Ubiquitous Computing
Volume	7
Issue number	2
DOIs	https://doi.org/10.1504/IJAHUC.2011.038998
State	Published - Mar 2011

Keywords

Attacker traceback
Ddos detection
Decision tree
Grey relational analysis

Access to Document

10.1504/IJAHUC.2011.038998

Cite this

@article{d3f1c02b4dd5413486bbb046557c3def,

title = "Ddos detection and traceback with decision tree and grey relational analysis",

abstract = "In Distributed Denial-of-Service (DDoS) Attack, an attacker breaks into many innocent computers (called zombies). Then, the attacker sends a large number of packets from zombies to a server, to prevent the server from conducting normal business operations. We design a DDoS-detection system based on a decision-tree technique and, after detecting an attack, to trace back to the attacker's locations with a traffic-flow pattern-matching technique. Our system could detect DDoS attacks with the false positive ratio about 1.2-2.4%, false negative ratio about 2-10%, and find the attack paths in traceback with the false negative rate 8-12% and false positive rate 12-14%.",

keywords = "Attacker traceback, Ddos detection, Decision tree, Grey relational analysis",

author = "Wu, {Yi Chi} and Tseng, {Huei Ru} and Wuu Yang and Jan, {Rong Hong}",

year = "2011",

month = mar,

doi = "10.1504/IJAHUC.2011.038998",

language = "English",

volume = "7",

pages = "121--136",

journal = "International Journal of Ad Hoc and Ubiquitous Computing",

issn = "1743-8225",

publisher = "Inderscience Enterprises Ltd",

number = "2",

}

TY - JOUR

T1 - Ddos detection and traceback with decision tree and grey relational analysis

AU - Wu, Yi Chi

AU - Tseng, Huei Ru

AU - Yang, Wuu

AU - Jan, Rong Hong

PY - 2011/3

Y1 - 2011/3

N2 - In Distributed Denial-of-Service (DDoS) Attack, an attacker breaks into many innocent computers (called zombies). Then, the attacker sends a large number of packets from zombies to a server, to prevent the server from conducting normal business operations. We design a DDoS-detection system based on a decision-tree technique and, after detecting an attack, to trace back to the attacker's locations with a traffic-flow pattern-matching technique. Our system could detect DDoS attacks with the false positive ratio about 1.2-2.4%, false negative ratio about 2-10%, and find the attack paths in traceback with the false negative rate 8-12% and false positive rate 12-14%.

AB - In Distributed Denial-of-Service (DDoS) Attack, an attacker breaks into many innocent computers (called zombies). Then, the attacker sends a large number of packets from zombies to a server, to prevent the server from conducting normal business operations. We design a DDoS-detection system based on a decision-tree technique and, after detecting an attack, to trace back to the attacker's locations with a traffic-flow pattern-matching technique. Our system could detect DDoS attacks with the false positive ratio about 1.2-2.4%, false negative ratio about 2-10%, and find the attack paths in traceback with the false negative rate 8-12% and false positive rate 12-14%.

KW - Attacker traceback

KW - Ddos detection

KW - Decision tree

KW - Grey relational analysis

UR - http://www.scopus.com/inward/record.url?scp=79952585972&partnerID=8YFLogxK

U2 - 10.1504/IJAHUC.2011.038998

DO - 10.1504/IJAHUC.2011.038998

M3 - Article

AN - SCOPUS:79952585972

SN - 1743-8225

VL - 7

SP - 121

EP - 136

JO - International Journal of Ad Hoc and Ubiquitous Computing

JF - International Journal of Ad Hoc and Ubiquitous Computing

IS - 2

ER -

Ddos detection and traceback with decision tree and grey relational analysis

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this