Abstract

In this paper, we propose an effective approach that uses a supervised learning system based on Linear Discriminant Analysis (LDA) to discriminate legitimate traffic from DDoS attack traffic. DDoS attacks are currently widespread and remain a risk to the entire Internet, and a variety of attack methods and strategies continue to challenge DDoS defense systems. Attack sources exhibit repeatable and predictable behavior, which distinguishes them from legitimate traffic sources such as humans and Internet proxies. In addition, DDoS defense systems lack the learning ability to fine-tune the accuracy of their detection results. This paper analyses real traffic traces from publicly available datasets, with triple checks of repeatable patterns in attack sources. Pearson's correlation coefficient and Shannon's entropy are used to extract the dependency and predictability of traffic data, respectively. LDA is then used to train on and classify legitimate and attack traffic flows. Our experimental results confirm that the proposed discrimination system can differentiate DDoS attacks from legitimate traffic with a high rate of accuracy.
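The pipeline the abstract outlines (correlation and entropy features fed to a two-class LDA), sketched as an added example that is not the paper's code. It assumes the features are the absolute lag-1 autocorrelation and the entropy of a source's packets-per-interval counts; the function names and the sample counts are constructed for illustration.

```python
import math
from collections import Counter

def shannon_entropy(series):
    """Shannon entropy (bits) of the values in series: low means predictable."""
    n = len(series)
    return -sum(c / n * math.log2(c / n) for c in Counter(series).values())

def pearson(x, y):
    """Pearson's r; defined as 0.0 here when either input is constant."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def features(series):
    """Assumed feature pair: (|lag-1 autocorrelation|, entropy)."""
    return (abs(pearson(series[:-1], series[1:])), shannon_entropy(series))

def fit_lda(legit, attack, ridge=1e-6):
    """Two-class Fisher LDA on 2-D points; returns (w, threshold)."""
    def mean(pts):
        return [sum(p[i] for p in pts) / len(pts) for i in (0, 1)]
    m0, m1 = mean(legit), mean(attack)
    s = [[ridge, 0.0], [0.0, ridge]]  # pooled within-class scatter
    for pts, m in ((legit, m0), (attack, m1)):
        for p in pts:
            d = (p[0] - m[0], p[1] - m[1])
            for i in (0, 1):
                for j in (0, 1):
                    s[i][j] += d[i] * d[j]
    det = s[0][0] * s[1][1] - s[0][1] * s[1][0]
    d = (m1[0] - m0[0], m1[1] - m0[1])
    w = ((s[1][1] * d[0] - s[0][1] * d[1]) / det,   # w = Sw^-1 (m1 - m0)
         (s[0][0] * d[1] - s[1][0] * d[0]) / det)
    mid = ((m0[0] + m1[0]) / 2, (m0[1] + m1[1]) / 2)
    return w, w[0] * mid[0] + w[1] * mid[1]

def is_attack(series, model):
    w, threshold = model
    f = features(series)
    return w[0] * f[0] + w[1] * f[1] > threshold

# Constructed packets-per-interval counts for six sources (not from any dataset).
LEGIT = [[3, 17, 8, 25, 4, 12, 30, 9], [5, 6, 9, 7, 12, 10, 8, 11],
         [14, 2, 2, 9, 21, 5, 9, 16]]
ATTACK = [[50, 10] * 4, [20, 80] * 4, [30, 60, 30, 60, 30, 60, 30, 61]]
MODEL = fit_lda([features(s) for s in LEGIT], [features(s) for s in ATTACK])
```

On this constructed data the repetitive sources score high on correlation and low on entropy, so the learned projection places them on the attack side of the threshold.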
