Conference papers

A Lightweight Snapshot-Based DDoS Detector

Gilles Roudiere 1 Philippe Owezarski 1
1 LAAS-SARA - Équipe Services et Architectures pour Réseaux Avancés
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract: Despite the efforts of both the research community and industry to invent new methods for dealing with distributed denial of service attacks, they remain a major threat on the Internet. Those attacks are numerous, and can prevent, in the most serious cases, the targeted system from answering any request from its clients. Detecting such attacks means dealing with several difficulties, such as their distributed nature or the several evasion techniques available to the attackers. The detection process also has a cost, which includes both the resources needed to perform the detection and the work of the network administrator. In this paper we introduce AATAC (Autonomous Algorithm for Traffic Anomaly Detection), an unsupervised DDoS detector that focuses on reducing the computational resources needed to process the traffic. It models the traffic using a set of regularly created snapshots. Each new snapshot is compared to this model using a k-NN based measure to detect significant deviations from the usual traffic profile. Those snapshots are also used to provide the network administrator with an explicit and dynamic view of the traffic when an anomaly occurs. Our evaluation shows that AATAC is able to efficiently process real traces with low computational resource requirements, while achieving efficient detection with a low number of false positives.

Cited literature [21 references]

https://hal.laas.fr/hal-01676810
Contributor : Gilles Roudiere
Submitted on : Saturday, January 6, 2018 - 2:37:27 PM
Last modification on : Thursday, June 10, 2021 - 3:06:57 AM
Long-term archiving on : Saturday, April 7, 2018 - 1:03:22 PM

File

cnsm2017.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01676810, version 1

Citation

Gilles Roudiere, Philippe Owezarski. A Lightweight Snapshot-Based DDoS Detector. 13th International Conference on Network and Service Management (CNSM 2017), Nov 2017, Tokyo, Japan. 16p. ⟨hal-01676810⟩
