Detecting DDoS Attacks Against DNS Servers Using Time Series Analysis

Tongguang Ni, Xiaoqing Gu, Hongyuan Wang

Abstract


Domain Name System (DNS) Service is the basic support of Internet, which security plays a vital role in the entire Internet. Because DNS requests and responses are mostly UDP-based, and the existing large numbers of open recursive DNS servers, it is vulnerable to distributed denial of services (DDoS) attacks. Through the analysis of several aspects of these attacks, a novel approach to detect DDoS attack is proposed based on characteristics of attack traffics (CAT) time series. Then CAT time series are transformed into a multidimensional vector series and a support vector machine (SVM) classifier is applied to identity the attacks. The experiment results show that our approach can identify the state features of the abnormal flow due to the DDoS attacking flows, and detect DDoS attacks accurately

 

DOI : http://dx.doi.org/10.11591/telkomnika.v12i1.3355


Keywords


DNS server; distributed denial of service; time series; support vector machine

Full Text:

PDF

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).

shopify stats IJEECS visitor statistics