标题：Anomaly diagnosis based on regression and classification analysis of statistical traffic features
作者：Liu, Lei; Jin, Xiaolong; Min, Geyong; Xu, Li
作者机构：[Liu, Lei] Shandong Univ, Dept Comp Sci, Jinan 250100, Peoples R China.; [Jin, Xiaolong] Chinese Acad Sci, Inst Comp Technol, Beijing, Peoples R Chi 更多
通讯作者地址：[Liu, L]Shandong Univ, Dept Comp Sci, Jinan 250100, Peoples R China.
来源：SECURITY AND COMMUNICATION NETWORKS
关键词：intrusion detection; DDoS; feature regression and classification;; traffic measurement; anomaly diagnosis
摘要：Traffic anomalies caused by Distributed Denial-of-Service (DDoS) attacks are major threats to both network service providers and legitimate customers. The DDoS attacks regularly consume and exhaust the resources of victims and hence result in abnormal bursty traffic through end-user systems. Additionally, malicious traffic aggregated into normal traffic often show dramatic changes in the traffic nature and statistical features. This study focuses on early detection of traffic anomalies caused by DDoS attacks in light of analyzing the network traffic behavior. Key statistical features including variance, autocorrelation, and self-similarity are employed to characterize the network traffic. Further, artificial neural network and support vector machine subject to the performance metrics are employed to predict and classify the abnormal traffic. The proposed diagnosis mechanism is validated through experiments where the datasets consist of two groups. The first group is the Massachusetts Institute of Technology Lincoln Laboratory dataset containing labeled DoS attack. The second group collected from DDoS attack simulation experiments covers three representative traffic shapes resulting from the dynamic attack rate configuration, namely, constant intensity, ramp-up behavior, and pulsing behavior. The experimental results demonstrate that the developed mechanism can effectively and precisely alert the abnormal traffic within short response period. Copyright (C) 2013 John Wiley & Sons, Ltd.