Abstract

With the great changes in network scale and network topology, the difficulty of DDoS attack detection has increased significantly. Most of the methods proposed in the past rarely considered real-time performance, adaptive ability, and other practical issues of attack detection in real-world networks. In this paper, we propose RT-SAD, a real-time adaptive DDoS attack detection method based on the response to the external network when attacked. We designed a sketch-based feature extraction method and an adaptive updating algorithm, which make the method suitable for high-speed network environments. Experimental results show that our method can detect DDoS attacks using sampled Netflow under a high-speed network environment, with good real-time performance, low resource consumption, and high detection accuracy.

Highlights

  • Distributed denial of service (DDoS) attack has been one of the most difficult attacks in the network

  • In order to adapt to various types of DDoS attacks in the high-speed network environment, we propose a real-time adaptive DDoS detection method based on sketch for ISP networks. The method dynamically adjusts the parameters of the detection model according to the current network situation, and realizes real-time adaptive DDoS detection in a high-speed network

  • After analyzing real network traffic, we found that when a DDoS attack occurs, the victim server usually cannot respond to all the clients. There will be a large amount of one-way traffic whose destination address is the victim host
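The one-way traffic observation above can be checked in fixed memory with a sketch. The following is an added example, not the paper's RT-SAD algorithm: it uses two count-min sketches per time window, and the `(src, dst)` flow tuples, the `min_flows` and `min_ratio` thresholds, and the sample addresses are assumptions made for illustration.

```python
import hashlib

class CountMinSketch:
    """Fixed-memory counter: estimates may overcount, never undercount."""
    def __init__(self, width=2048, depth=4):
        self.width = width
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, key):
        for i in range(len(self.rows)):
            h = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([i]))
            yield i, int.from_bytes(h.digest(), "big") % self.width

    def add(self, key):
        for i, j in self._cells(key):
            self.rows[i][j] += 1

    def estimate(self, key):
        return min(self.rows[i][j] for i, j in self._cells(key))

def one_way_suspects(flows, min_flows=50, min_ratio=0.8):
    """flows: iterable of (src_ip, dst_ip) for one time window.
    Returns {host: (flows_to_host, flows_from_host)} for busy hosts
    that left at least min_ratio of their inbound flows unanswered."""
    to_host, from_host = CountMinSketch(), CountMinSketch()
    busy = set()  # only heavy destinations are tracked by name
    for src, dst in flows:
        to_host.add(dst)
        from_host.add(src)
        if to_host.estimate(dst) >= min_flows:
            busy.add(dst)
    suspects = {}
    for host in busy:
        received, sent = to_host.estimate(host), from_host.estimate(host)
        if max(0, received - sent) / received >= min_ratio:
            suspects[host] = (received, sent)
    return suspects

# Constructed sample window (documentation-range addresses, not real traffic).
VICTIM, SERVER = "203.0.113.10", "203.0.113.20"
SAMPLE_FLOWS = (
    [(f"198.51.100.{i}", VICTIM) for i in range(200)]    # flood towards the victim
    + [(VICTIM, f"198.51.100.{i}") for i in range(10)]   # victim answers only a few
    + [(f"192.0.2.{i}", SERVER) for i in range(100)]     # normal requests
    + [(SERVER, f"192.0.2.{i}") for i in range(100)]     # all answered
)

if __name__ == "__main__":
    print(one_way_suspects(SAMPLE_FLOWS))
```

Because count-min estimates can only overcount, a collision can slightly shift the ratio, so the thresholds should leave some margin; the sketches are rebuilt for each window.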


Summary

Introduction

Distributed denial of service (DDoS) attack has been one of the most difficult attacks in the network. These methods need to train the model on a large amount of labeled network traffic data in advance to ensure the accuracy of attack detection. If the network environment changes, the current network traffic may not follow the data distribution of the pretrained model. At this time, the traditional methods need to retrain the model to maintain high accuracy. In order to adapt to various types of DDoS attacks in the high-speed network environment, we propose a real-time adaptive DDoS detection method based on sketch for ISP networks. The method dynamically adjusts the parameters of the detection model according to the current network situation, and realizes real-time adaptive DDoS detection in a high-speed network.

Related Work
Real-Time Sketch-Based Adaptive DDoS Detection
Experiment and Evaluation
Conclusions