A principal components analysis-based robust DDoS defense system

Huizhong Sun, Yan Zhaung, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

One of the major threats to cyber security is the Distributed Denial-of-Service (DDoS) attack. Our previous projects, PacketScore, ALPi, and other statistical filtering-based approaches, defend against DDoS attacks via fine-grain comparisons between the measured current traffic profile and the victim's nominal profile. These schemes can tackle virtually all kinds of DDoS attacks, even never-before-seen attack types, due to the underlying statistics-based adaptive differentiation. The viability of these statistical filtering defense systems rests on the premise that attackers do not know the victim's nominal traffic profile and, thus, cannot fake legitimate traffic. However, a sophisticated DDoS attacker might circumvent the defense system by discovering the statistical filtering rules and then controlling zombies to generate flooding traffic according to these discovered rules. This type of sophisticated attack seriously threatens the current Internet and has not yet been solved. In this paper, we propose a Principal Components Analysis (PCA)-based DDoS defense system, which extracts nominal traffic characteristics by analyzing the intrinsic dependency across multiple attribute values. The PCA-based scheme differentiates attacking packets from legitimate ones by checking whether the current traffic volume of the associated attribute value violates the intrinsic dependency of nominal traffic. The correlation among different attributes makes it more difficult for the attacker to accurately discover the statistical filtering rules and, thus, makes the scheme highly robust against new and more sophisticated attacks.

Original language: English (US)
Title of host publication: ICC 2008 - IEEE International Conference on Communications, Proceedings
Pages: 1663-1669
Number of pages: 7
DOIs: https://doi.org/10.1109/ICC.2008.321
State: Published - 2008
Event: IEEE International Conference on Communications, ICC 2008 - Beijing, China
Duration: May 19 2008 to May 23 2008

Other

Other: IEEE International Conference on Communications, ICC 2008
Country: China
City: Beijing
Period: 5/19/08 to 5/23/08

Fingerprint

Principal component analysis
Statistics
Internet
Denial-of-service attack

Keywords

  • Distributed denial-of-service attack
  • Principal component analysis
  • Selective packet discarding
  • Statistical filtering rules

ASJC Scopus subject areas

  • Media Technology

Cite this

Sun, H., Zhaung, Y., & Chao, H. J. (2008). A principal components analysis-based robust DDoS defense system. In ICC 2008 - IEEE International Conference on Communications, Proceedings (pp. 1663-1669). [4533357] https://doi.org/10.1109/ICC.2008.321

@inproceedings{d971a7a3615f4b27a14d66cc7de199a9,
title = "A principal components analysis-based robust DDoS defense system",
keywords = "Distributed denial-of-service attack, Principal component analysis, Selective packet discarding, Statistical filtering rules",
author = "Huizhong Sun and Yan Zhaung and Chao, {H. Jonathan}",
year = "2008",
doi = "10.1109/ICC.2008.321",
language = "English (US)",
isbn = "9781424420742",
pages = "1663--1669",
booktitle = "ICC 2008 - IEEE International Conference on Communications, Proceedings",

}

TY - GEN

T1 - A principal components analysis-based robust DDoS defense system

AU - Sun, Huizhong

AU - Zhaung, Yan

AU - Chao, H. Jonathan

PY - 2008

Y1 - 2008

KW - Distributed denial-of-service attack

KW - Principal component analysis

KW - Selective packet discarding

KW - Statistical filtering rules

UR - http://www.scopus.com/inward/record.url?scp=51249096733&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51249096733&partnerID=8YFLogxK

U2 - 10.1109/ICC.2008.321

DO - 10.1109/ICC.2008.321

M3 - Conference contribution

SN - 9781424420742

SP - 1663

EP - 1669

BT - ICC 2008 - IEEE International Conference on Communications, Proceedings

ER -