Abstract

Distributed Denial-of-Service (DDoS) is one of the most destructive network attacks. In Socially Aware Networking (SAN), current detection methods have many problems, such as low flexibility in detecting different attacks and high false-negative and false-positive rates. In this paper, we propose a DDoS detection method for SAN based on fusion feature series forecasting. Specifically, we define a multi-protocol-fusion feature (MPFF) to characterize normal network flows. Moreover, we use the Autoregressive Integrated Moving Average (ARIMA) time-series model to formally describe the MPFF sequence, which is subsequently used in network flow forecasting and error calculation. Finally, we present the ARIMA detection model with error correction based on MPFF time series to identify DDoS in SAN. The experimental results show that the proposed method can effectively distinguish attacking flows from normal ones. Compared with previous DDoS detection methods for SAN, the proposed method can achieve better DDoS detection performance in terms of detection rate, false-positive rate and time delay.