DDoS Attack Detection using K-Nearest Neighbor Classifier Method

N.H. Vu, Y.-S. Choi, and M. Choi (Korea)

Keywords

DDoS, k-Nearest Neighbor classifier, Text processing

Abstract

Recently, as the serious damage caused by Distributed Denial of Service (DDoS) attacks increases, it became one of the biggest problem need to be solved in security domain. There are a lot of methodologies and tools which came out into society to detect DDoS attacks as well as reduce the damage it had. However, each method has a limited success because still, most of them can not simultaneously gain these objectives which are (1) good at detection with a few error alarms and (2) ensuring the real-time in the transference of all packets. In this paper, we introduced a method for proactive detection of DDoS attack by classifying the network status. Firstly, we analyzed DDoS’s architecture and found detail about all of its phases. Afterwards, we looked into the procedures of DDoS attack to select variables based on these features. Finally, we applied K-Nearest Neighbor (k-NN) method to classify the status of networks to each phase of DDoS attack. The result showed that each phase of the attack scenario is classified well and we could early detect DDoS attack.

Important Links:



Go Back