Use of MARKOV Chain for Early Detecting DDoS Attacks

Volume 13, Number 4

Use of MARKOV Chain for Early Detecting DDoS Attacks

Authors

Chin-Ling Chen¹ and Jian-Ming Chen², ¹National Pingtung University, Taiwan, ²Genesis Technology, Inc., Taiwan

Abstract

DDoS has a variety of types of mixed attacks. Botnet attackers can chain different types of DDoS attacks to confuse cybersecurity defenders. In this article, the attack type can be represented as the state of the model. Considering the attack type, we use this model to calculate the final attack probability. The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier.

Keywords

DDoS, attack detection, Markov chain, TCP SYN flood, ICMP flood, HTTP flood, LAND, UDP flood.

Scope & Topics
Ethics
Archives
Most Cited Articles
Download leaflet
FAQ