Abstract
Distributed denial-of-service (DDoS) attacks have recently emerged as a major threat to the security and stability of the Internet. Traffic bursts always accompany DDoS attacks, so detecting network traffic bursts accurately and in real time allows such attacks to be caught as quickly as possible. In this paper, we categorize traffic bursts into three kinds: Single-point-burst, Short-flat-burst and Long-flat-burst, and propose a network traffic burst detection algorithm (BDA-CWT) based on the continuous wavelet transform. The algorithm uses a sliding window to analyze the traffic data continuously and detect a Short-flat-burst or a Long-flat-burst, which always represents a DDoS attack. Our experiment has demonstrated that the proposed detection algorithm is responsive and effective in curbing DDoS attacks, in contrast with the discrete wavelet transform and traditional methods (N-point-average and gradient).
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, X., Liu, Y., Zeng, M., Shi, Y. (2004). A Novel DDoS Attack Detecting Algorithm Based on the Continuous Wavelet Transform. In: Chi, CH., Lam, KY. (eds) Content Computing. AWCC 2004. Lecture Notes in Computer Science, vol 3309. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30483-8_22
DOI: https://doi.org/10.1007/978-3-540-30483-8_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23898-0
Online ISBN: 978-3-540-30483-8
eBook Packages: Springer Book Archive