Enhancing DDoS Flood Attack Detection via Intelligent Fuzzy Logic

Distributed denial-of-service (DDoS) flood attack remains great threats to the Internet. This kind of attack consumes a large amount of network bandwidth or occupies network equipment resources by flooding them with packets from the machines distributed all over the world. To ensure the network usability and reliability, real-time and accurate detection of these attacks is critical. To date, various approaches have been proposed to detect these attacks, but with limited success when they are used in the real world. This paper presents a method that can real-time identify the occurrence of the DDoS flood attack and determine its intensity using the fuzzy logic. The proposed process consists of two stages: (i) statistical analysis of the network traffic time series using discrete wavelet transform (DWT) and Schwarz information criterion (SIC) to find out the change point of Hurst parameter resulting from DDoS flood attack, and then (ii) adaptively decide the intensity of the DDoS flood attack by using the intelligent fuzzy logic technology to analyze the Hurst parameter and its changing rate. The test results by NS2-based simulation with various network traffic characteristics and attacks intensities demonstrate that the proposed method can detect the DDoS flood attack timely, effectively and intelligently.