
Research And Implementation Of DDoS Detection System Based On Self-Similar Traffic Model

Posted on: 2009-09-25
Degree: Master
Type: Thesis
Country: China
Candidate: J Jing
Full Text: PDF
GTID: 2178360245965384
Subject: Computer application technology

Abstract/Summary:
As web-based applications become more popular, many critical services are supplied mainly over computer networks. How to guarantee the security and availability of the Internet is therefore one of the key questions in computer security research. In recent years, many critical networks, such as government and banking networks, have been threatened by network intrusions.

Distributed Denial of Service (DDoS), which depletes the network's resources and denies service to legitimate users, is one of the thorniest network security problems. Handling DDoS attacks comes down to two key points: detecting them in a timely and accurate manner, and protecting the network from them. This paper mainly discusses timely and accurate detection of DDoS attacks.

Normal network traffic exhibits long-range dependency properties, which means large variance and self-similarity; this traffic model is disrupted when a DDoS attack takes place. The timely and accurate detection of DDoS attacks in this paper is based on this law. The Hurst parameter is the most important variable in a DDoS detection algorithm based on the self-similar traffic model.

There are many methods for calculating the Hurst parameter, and they are mainly divided into graphical and non-graphical methods. Both kinds require a large sample size and considerable memory and CPU resources, so the Hurst parameter they produce is not timely; they cannot calculate the Hurst parameter in real time and are used only for off-line analysis.

In this paper, the DDoS detection algorithm based on the self-similar traffic model is discussed in depth. Based on the disadvantages of traditional Hurst computation and an analysis of the Variance-Time Plots (VTP) algorithm, the On-Time VTP (OTVTP) algorithm is discussed and evaluated. OTVTP is also implemented in a laboratory environment, and the expected conclusions are reached.
Keywords/Search Tags: DDoS, Hurst parameter, real-time detection, VTP, OTVTP
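The classical off-line variance-time plot estimate of the Hurst parameter that the abstract refers to, as an added example (not code from the thesis, and not its OTVTP algorithm). The function names, the ON/OFF Pareto traffic generator and the memoryless control series are assumptions constructed for illustration.

```python
import math
import random
from statistics import fmean, pvariance

def hurst_vtp(series, levels=(1, 2, 4, 8, 16, 32, 64, 128)):
    """Estimate H from the slope of log Var(X^(m)) against log m."""
    xs, ys = [], []
    for m in levels:
        blocks = len(series) // m
        if blocks < 8:                 # too few block means for a variance
            continue
        means = [fmean(series[i * m:(i + 1) * m]) for i in range(blocks)]
        var = pvariance(means)
        if var > 0:                    # log(0) is undefined: skip flat levels
            xs.append(math.log(m))
            ys.append(math.log(var))
    if len(xs) < 2:
        raise ValueError("series too short or too flat for a variance-time fit")
    xbar, ybar = fmean(xs), fmean(ys)
    slope = (sum((x - xbar) * (y - ybar) for x, y in zip(xs, ys))
             / sum((x - xbar) ** 2 for x in xs))
    return 1 + slope / 2               # slope = -beta and H = 1 - beta / 2

def onoff_traffic(n, sources, alpha, rng):
    """Constructed self-similar load: ON/OFF sources, Pareto period lengths."""
    load = [0] * n
    for _ in range(sources):
        t, on = 0, rng.random() < 0.5
        while t < n:
            end = min(n, t + math.ceil(rng.paretovariate(alpha)))
            if on:
                for i in range(t, end):
                    load[i] += 1
            t, on = end, not on
    return load

def memoryless_traffic(n, sources, rng):
    """Constructed control: same mean load, each slot drawn independently."""
    return [sum(rng.random() < 0.5 for _ in range(sources)) for _ in range(n)]

if __name__ == "__main__":
    rng = random.Random(2009)          # fixed seed so the run is repeatable
    for name, data in (("ON/OFF", onoff_traffic(8192, 16, 1.2, rng)),
                       ("memoryless", memoryless_traffic(8192, 16, rng))):
        print(f"{name:10s} H = {hurst_vtp(data):.2f}")
```

Every call recomputes block variances over the whole sample at each aggregation level, which is the sample-size and CPU cost the abstract gives as the reason these estimators are used off-line.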