FFSc: a novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis

A Distributed Denial of Service (DDoS) attack is a major security threat for networks and Internet services. Attackers can generate attack traffic similar to normal network traffic using sophisticated attacking tools. In such a situation, many intrusion detection systems fail to identify DDoS attack in real time. However, DDoS attack traffic behaves differently from legitimate network traffic in terms of traffic features. Statistical properties of various features can be analyzed to distinguish the attack traffic from legitimate traffic. In this paper, we introduce a statistical measure called Feature Feature score for multivariate data analysis to distinguish DDoS attack traffic from normal traffic. We extract three basic parameters of network traffic, namely, entropy of source IPs, variation of source IPs, and packet rate to analyze the behavior of network traffic for attack detection. The method is validated using CAIDA DDoS 2007 and MIT DARPA datasets. Copyright © 2016 John Wiley & Sons, Ltd.