Mathematical Problems in Engineering
Volume 2010 (2010), Article ID 962435, 14 pages
doi:10.1155/2010/962435
Research Article

Note on Studying Change Point of LRD Traffic Based on Li's Detection of DDoS Flood Attacking

1Department of Electronic Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
2School of Information Security Engineering, Key Laboratory of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai 200240, China

Received 7 February 2010; Accepted 11 March 2010

Academic Editor: Ming Li

Copyright © 2010 Zhengmin Xia et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Distributed denial-of-service (DDoS) flood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Li's work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependant traffic. Specifically, we use an autoregressive system to estimate the Hurst parameter of normal traffic. If the actual Hurst parameter varies significantly from the estimation, we assume that DDoS attack happens. Meanwhile, we propose two methods to determine the change point of Hurst parameter that indicates the occurrence of DDoS attacks. The detection rate associated with one method and false alarm rate for the other method are also derived. The test results on DARPA intrusion detection evaluation data show that the proposed approaches can achieve better detection performance than some well-known self-similarity-based detection methods.