Title: DDoS detection and traceback with decision tree and grey relational analysis

Authors: Yi-Chi Wu, Huei-Ru Tseng, Wuu Yang, Rong-Hong Jan

Addresses: Department of Computer Science, National Chiao Tung University, Hsinchu 30010, Taiwan; Industrial Technology Research Institute, Hsinchu, 31040, Taiwan; Department of Computer Science, National Chiao Tung University, Hsinchu 30010, Taiwan; Department of Computer Science, National Chiao Tung University, Hsinchu 30010, Taiwan

Abstract: In a Distributed Denial-of-Service (DDoS) attack, an attacker breaks into many innocent computers (called zombies). Then, the attacker sends a large number of packets from the zombies to a server, to prevent the server from conducting normal business operations. We design a DDoS-detection system based on a decision-tree technique and, after detecting an attack, trace back to the attacker's locations with a traffic-flow pattern-matching technique. Our system could detect DDoS attacks with a false positive ratio of about 1.2-2.4% and a false negative ratio of about 2-10%, and find the attack paths in traceback with a false negative rate of 8-12% and a false positive rate of 12-14%.

Keywords: DDoS detection; distributed DoS; DoS attacks; denial of service; attacker traceback; decision tree; grey relational analysis; GRA; attacker locations; traffic flow pattern matching.

DOI: 10.1504/IJAHUC.2011.038998

International Journal of Ad Hoc and Ubiquitous Computing, 2011 Vol.7 No.2, pp.121 - 136

Published online: 11 Mar 2011
