DDoS detection based on graph structure features and non‐negative matrix factorization

Abstract: Distributed denial of service (DDoS) attacks are the most common and harmful attack in the field of network security, the purpose of this paper is to predict the occurrence of DDoS attacks quickly, accurately and effectively. In this paper, the characteristics of DDoS attacks are analyzed in detail, graph model is used to express the structural characteristics of traffic data between the victims and bots, at the same time, considering data characteristics of traffic itself, 11 characteristics are selected at l… Show more

“…us, a series of arrays with large expectation values are used. e sum of the expectation value q is larger than 90% with respect to the analysis of some references [5], [23][24][25]. In this example, the expectation values are 96.42% and 3.57%, respectively.…”

“…e destination vertices receive different packets, and the processing time is also different. Furthermore, the interval time of normal traffic is affected by noise, network bandwidth, receiving window size, sending window size, etc., which shows a significant difference from DDoS attacks [5]. In addition, the interval time of normal traffic is limited by network bandwidth, noise, size of sending window, and other factors, which is significantly different from DDoS attacks.…”

“…According to the popularization of information technology, especially the IoT, more and more host types of botnets that is a host infected with a malicious program and under the control of an attacker appear [4]. Verizon revealed a DDoS attack on a US university, the campus network speed has slowed down significantly, and the domain name server (DNS) was flooded with abnormal queries from the school's approximately 5,000 IoT devices, including streetlights, vending machines, and other botnet devices [5].…”

Detection of DDoS Attack within Industrial IoT Devices Based on Clustering and Graph Structure Features

“…us, a series of arrays with large expectation values are used. e sum of the expectation value q is larger than 90% with respect to the analysis of some references [5], [23][24][25]. In this example, the expectation values are 96.42% and 3.57%, respectively.…”

“…e destination vertices receive different packets, and the processing time is also different. Furthermore, the interval time of normal traffic is affected by noise, network bandwidth, receiving window size, sending window size, etc., which shows a significant difference from DDoS attacks [5]. In addition, the interval time of normal traffic is limited by network bandwidth, noise, size of sending window, and other factors, which is significantly different from DDoS attacks.…”

“…According to the popularization of information technology, especially the IoT, more and more host types of botnets that is a host infected with a malicious program and under the control of an attacker appear [4]. Verizon revealed a DDoS attack on a US university, the campus network speed has slowed down significantly, and the domain name server (DNS) was flooded with abnormal queries from the school's approximately 5,000 IoT devices, including streetlights, vending machines, and other botnet devices [5].…”

Detection of DDoS Attack within Industrial IoT Devices Based on Clustering and Graph Structure Features

Recognition of DDoS attacks based on images correlation analysis within deep learning framework

A novel Distributed Denial of Service attack defense scheme for Software-Defined Networking using Packet-In message and frequency domain analysis