Volume 13, Number 4
Use of MARKOV Chain for Early Detecting DDoS Attacks
Authors
Chin-Ling Chen1 and Jian-Ming Chen2, 1National Pingtung University, Taiwan, 2Genesis Technology, Inc., Taiwan
Abstract
DDoS has a variety of types of mixed attacks. Botnet attackers can chain different types of DDoS attacks to confuse cybersecurity defenders. In this article, the attack type can be represented as the state of the model. Considering the attack type, we use this model to calculate the final attack probability. The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier.
Keywords
DDoS, attack detection, Markov chain, TCP SYN flood, ICMP flood, HTTP flood, LAND, UDP flood.