Book Chapter

Cluster-Based Countermeasures for DDoS Attacks

TLDR
In cluster-based filtering, unsupervised learning is used to create a profile of the network traffic, and legitimate traffic gets better bandwidth capacity than malicious traffic, so the effect of bad or malicious traffic on the network is reduced.
Abstract
The Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create a profile of the network traffic. The profiled traffic is then passed through filters of different capacity to the servers. After applying this mechanism, the legitimate traffic gets better bandwidth capacity than the malicious traffic, so the effect of bad or malicious traffic on the network is reduced. Before describing the proposed solutions, the chapter presents a detailed survey of the different DDoS countermeasures.


References

An Architecture for Differentiated Service

TL;DR: An architecture for implementing scalable service differentiation in the Internet achieves scalability by aggregating traffic classification state which is conveyed by means of IP-layer packet marking using the DS field [DSFIELD].
Journal Article

From Data Mining to Knowledge Discovery in Databases

TL;DR: An overview of this emerging field is provided, clarifying how data mining and knowledge discovery in databases are related both to each other and to related fields, such as machine learning, statistics, and databases.
Proceedings Article

Mining anomalies using traffic feature distributions

TL;DR: It is argued that the distributions of packet features observed in flow traces reveal both the presence and the structure of a wide range of anomalies, and that using feature distributions, anomalies naturally fall into distinct and meaningful clusters that can be used to automatically classify anomalies and to uncover new anomaly types.
Proceedings Article

Traffic classification using clustering algorithms

TL;DR: This work considers two unsupervised clustering algorithms, namely K-Means and DBSCAN, that have previously not been used for network traffic classification and evaluates these two algorithms and compares them to the previously used AutoClass algorithm, using empirical Internet traces.