Triangle-area-based multivariate correlation analysis for effective denial-of-service attack detection

Publication Type:
Conference Proceeding
Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012, 2012, pp. 33 - 40
Issue Date:
Filename Description Size
Thumbnail2011005808OK.pdf436.64 kB
Adobe PDF
Full metadata record
Cloud computing plays an important role in current converged networks. It brings convenience of accessing services and information to users regardless of location and time. However, there are some critical security issues residing in cloud computing, such as availability of services. Denial of service occurring on cloud computing has even more serious impact on the Internet. Therefore, this paper studies the techniques for detecting Denial-of-Service (DoS) attacks to network services and proposes an effective system for DoS attack detection. The proposed system applies the idea of Multivariate Correlation Analysis (MCA) to network traffic characterization and employs the principal of anomaly-based detection in attack recognition. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. Furthermore, a triangle area technique is proposed to enhance and speed up the process of MCA. The effectiveness of our proposed detection system is evaluated on the KDD Cup 99 dataset, and the influence of both non-normalized and normalized data on the performance of the detection system is examined. The results presented in the system evaluation section illustrate that our DoS attack detection system outperforms two state-of-theart approaches. © 2012 IEEE.
Please use this identifier to cite or link to this item: