• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Traffic Seasonality aware Threshold Adjustment for Effective Source-side DoS Attack Detection


Abstract

In order to detect Denial of Service (DoS) attacks, victim-side detection methods are used popularly such as static threshold-based method and machine learning-based method. However, as DoS attacking methods become more sophisticated, these methods reveal some natural disadvantages such as the late detection and the difficulty of tracing back attackers. Recently, in order to mitigate these drawbacks, source-side DoS detection methods have been researched. But, the source-side DoS detection methods have limitations if the volume of attack traffic is relatively very small and it is blended into legitimate traffic. Especially, with the subtle attack traffic, DoS detection methods may suffer from high false positive, considering legitimate traffic as attack traffic. In this paper, we propose an effective source-side DoS detection method with traffic seasonality aware adaptive threshold. The threshold of detecting DoS attack is adjusted adaptively to the fluctuated legitimate traffic in order to detect subtle attack traffic. Moreover, by understanding the seasonality of legitimate traffic, the threshold can be updated more carefully even though subtle attack happens and it helps to achieve low false positive. The extensive evaluation with the real traffic logs presents that the proposed method achieves very high detection rate over 90% with low false positive rate down to 5%.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
G. Nguyen, V. Nguyen, S. Nguyen, K. Kim, "Traffic Seasonality aware Threshold Adjustment for Effective Source-side DoS Attack Detection," KSII Transactions on Internet and Information Systems, vol. 13, no. 5, pp. 2651-2673, 2019. DOI: 10.3837/tiis.2019.05.023.

[ACM Style]
Giang-Truong Nguyen, Van-Quyet Nguyen, Sinh-Ngoc Nguyen, and Kyungbaek Kim. 2019. Traffic Seasonality aware Threshold Adjustment for Effective Source-side DoS Attack Detection. KSII Transactions on Internet and Information Systems, 13, 5, (2019), 2651-2673. DOI: 10.3837/tiis.2019.05.023.

[BibTeX Style]
@article{tiis:22108, title="Traffic Seasonality aware Threshold Adjustment for Effective Source-side DoS Attack Detection", author="Giang-Truong Nguyen and Van-Quyet Nguyen and Sinh-Ngoc Nguyen and Kyungbaek Kim and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2019.05.023}, volume={13}, number={5}, year="2019", month={May}, pages={2651-2673}}