Ecole d'ingénieur et centre de recherche en Sciences du numérique

Anomaly-based DDoS attack detection by using sparse coding and frequency domain

Fouladi, Ramin Fadaei; Ermis, Orhan; Anarim, Emin

PIMRC 2019, IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, 8-11 September 2019, Istanbul, Turkey

Distributed Denial of Service (DDoS) attacks have become one of the most significant problems that affects the user satisfaction by degrading the availability of on-line services. Although intrusion detection systems provide effective mechanism for discriminating various DDoS attacks, they become impotent of detection when bogus packets similar to normal ones are dispatched by the attacker. One idea is to model the normal behavior of the network traffic using time series representation of that traffic together with advanced statistical analysis techniques such as frequency domain analysis for detecting the occurrence frequency (energy) of each basic element in time series. However, frequency domain analysis may become inadequate if the original frequency features are used for the detection anomalies. Therefore, in this work, we propose a hybrid approach that employs frequency domain analysis with sparse representation model to find discriminative characteristics for anomaly-based DDoS detection. The proposed algorithm distinguish abnormal traffic from the normal one based on the energy of time series for the number of packets feature, which is extracted from the time series data by using the sparse representation model. Experimental results show that performance of the proposed algorithm provides better DDoS detection results than the state-of-the-art time-series based approaches in the literature.

Document Doi Bibtex

Titre:Anomaly-based DDoS attack detection by using sparse coding and frequency domain
Département:Sécurité numérique
Eurecom ref:5948
Copyright: © 2019 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+5948, doi = {}, year = {2019}, title = {{A}nomaly-based {DD}o{S} attack detection by using sparse coding and frequency domain}, author = {{F}ouladi, {R}amin {F}adaei and {E}rmis, {O}rhan and {A}narim, {E}min}, booktitle = {{PIMRC} 2019, {IEEE} {I}nternational {S}ymposium on {P}ersonal, {I}ndoor and {M}obile {R}adio {C}ommunications, 8-11 {S}eptember 2019, {I}stanbul, {T}urkey}, address = {{I}stanbul, {TURQUIE}}, month = {09}, url = {} }
Voir aussi: