(A) proactive detection method of DDoS attack using cluster analysis

Abstract

Distributed Denial of Service (DDoS) attacks can easily exhaust the computing and communication resources of their victim within short period of time and they deteriorate the performance of whole network as well as interrupt communication of a specific host. Therefore we propose a method for proactive detection of DDoS attacks in this paper. DDoS attacks go on with several steps. We look into these features of DDoS attacks in order to detect precursors of DDoS attacks and then select variables based on the features. After that, we perform cluster analysis for proactive detection of DDoS attacks. We experimented with 2000 DARPA Intrusion Detection Scenario Specific Data Set in order to evaluate our method. In result, the data set is divided into several detailed groups and we can analyze the network traffic of each group according to the feature of each phase. With our proposed method, we can know not only whether incoming traffic is normal or abnormal but also which phase incoming traffic corresponds to. Therefore we can detect DDoS attacks proactively. As our method needs only normalized distance in order to determine which group incoming traffic belongs to, it is very easy to implement. For this reason, our method is proper for real-time detection.