Abstract
The diversity, distribution and burstiness of distributed denial of service (DDoS) attacks in the new network environment make them difficult for current detection methods to detect. This paper proposes a DDoS attack detection method based on the V-Support Vector Machine (SVM). The method defines a nine-tuple network service association feature to extract features of the network flow, then normalizes the feature data and reduces its dimension by principal component analysis. Finally, it selects an appropriate kernel function, introduces the parameter V to control the number of support vectors and error vectors, and establishes a V-SVM-based DDoS attack classification model to detect attacks. The experimental results show that, compared with similar methods, this method not only improves accuracy and reduces the false negative rate, but also ensures the stability and timeliness of the classification model.
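The pipeline the abstract outlines (normalize, reduce with PCA, classify with a V-SVM) can be sketched with scikit-learn, where the parameter V is `nu` in `NuSVC`: it upper-bounds the fraction of margin errors and lower-bounds the fraction of support vectors. This is an added example, not the authors' code; the nine columns are constructed stand-ins for the nine-tuple feature (which the abstract does not define), and the RBF kernel, four principal components and the helper names are assumptions.

```python
import numpy as np
from sklearn.decomposition import PCA
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import MinMaxScaler
from sklearn.svm import NuSVC


def make_flows(n_per_class=300, seed=0):
    """Constructed data: 9 numeric columns standing in for the nine-tuple
    feature (not the paper's definition). Label 0 = normal, 1 = attack."""
    rng = np.random.default_rng(seed)
    normal = rng.normal(0.0, 1.0, size=(n_per_class, 9))
    attack = rng.normal(2.0, 1.0, size=(n_per_class, 9))
    X = np.vstack([normal, attack])
    y = np.repeat([0, 1], n_per_class)
    order = rng.permutation(len(y))
    return X[order], y[order]


def train_and_score(nu, n_components=4, seed=0):
    """Normalize -> PCA -> nu-SVM; report test metrics and support-vector share."""
    X, y = make_flows(seed=seed)
    split = 2 * len(y) // 3                      # 400 train / 200 test
    model = make_pipeline(
        MinMaxScaler(),                          # normalization step
        PCA(n_components=n_components),          # dimension reduction (4 is assumed)
        NuSVC(nu=nu, kernel="rbf", gamma="scale"),  # RBF kernel is an assumed choice
    )
    model.fit(X[:split], y[:split])
    pred, truth = model.predict(X[split:]), y[split:]
    attacks = truth == 1
    return {
        "accuracy": float((pred == truth).mean()),
        # Missed attacks: attack flows that the model labelled normal.
        "false_negative_rate": float((pred[attacks] == 0).mean()),
        # Share of training flows kept as support vectors (at least nu).
        "sv_fraction": model[-1].support_.size / split,
    }


if __name__ == "__main__":
    for nu in (0.1, 0.3, 0.5):
        print(nu, train_and_score(nu))
```

Raising `nu` forces more training flows to become support vectors, which is the trade-off between model size and tolerance for margin errors that the parameter exposes.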
Acknowledgments
Thanks are due to Tang and Cheng for assistance with the experiments and to Tu and Fan for valuable discussion. Thanks are also due to the School of Information Science and Technology of Hainan University and the State Key Laboratory of Marine Resources Utilization in South China Sea for the equipment support they provided.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Tang, X., Cao, R., Cheng, J., Fan, D., Tu, W. (2019). DDoS Attack Detection Method Based on V-Support Vector Machine. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science, vol 11983. Springer, Cham. https://doi.org/10.1007/978-3-030-37352-8_4
DOI: https://doi.org/10.1007/978-3-030-37352-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37351-1
Online ISBN: 978-3-030-37352-8
eBook Packages: Computer Science (R0)