RESEARCH PRODUCT

Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic

Tero Kokkonen, Mikhail Zolotukhin, Jarmo Siltanen, Hämäläinen Timo

subject

Fuzzy clustering; business.industry; Network security; Computer science; Network packet; 05 social sciences; Denial-of-service attack; 02 engineering and technology; Intrusion detection system; Encryption; 0502 economics and business; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Anomaly detection; Activity-based costing; business; 050203 business & management; Computer network

description

Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today's high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method for the timely detection of application-layer DDoS attacks that utilize encrypted protocols, by applying an anomaly-based approach to statistics extracted from network packets. The method involves constructing a model of normal user behavior with the help of weighted fuzzy clustering. The construction algorithm is self-adaptive and allows the model to be updated every time a new portion of network traffic data becomes available for analysis. The proposed technique is tested with realistic end-user network traffic generated in the RGCE Cyber Range.

https://doi.org/10.1007/978-3-319-46301-8_27