Authors: Raghavender K V.; P. Premchand
Addresses: Osmania University, Hydrerabad, India; Department of CSE, Malla Reddy Engineering College (Autonomous), Hyderabad, TS, India ' Department of CSE, University College of Engineering, Osmania University, Hyderabad, India
Abstract: DDoS attack detection is the process of finding the attacks happening on a network that causes continues packet drops or losses. Accurate detection of DDoS is the most complex task due to varying network traffic traces and patterns. This is resolved in our previous work by introducing the method namely bandwidth flooding attack detection method. However, this method failed to perform better with varying traffic patterns and traces. This is resolved in this research work by introducing the method namely hybrid ARIMA-SWGARCH model whose main goal is to detection DDoS attacks by analysing the varying measured network traffic. Here initially normalisation of measure network patterns is done by using the Box-Cox transformation. And then the white test is performed to finding the heteroscedasticity characteristics of time series of traffic patterns. And then the hybrid ARIMA-SWAGARCH model is applied to efficiently detect the DDoS attacks happening on the network. The overall evaluation of this method is conducted in the MATLAB simulation environment from which it is proved that the proposed research method can ensure the optimal and reliable detection of DDoS attacks happening on the network.
Keywords: DDoS attacks; time series analysis; white test; model parameter estimation; traffic pattern analysis; ARIMA model; GARCH model.
International Journal of Information and Computer Security, 2021 Vol.14 No.2, pp.118 - 135
Received: 19 Mar 2019
Accepted: 16 Sep 2019
Published online: 15 Feb 2021 *