Domain Name System (DNS) Service is the basic support of Internet, which security plays a vital role in the entire Internet. Because DNS requests and responses are mostly UDP-based, and the existing large numbers of open recursive DNS servers, it is vulnerable to distributed denial of services (DDoS) attacks. Through the analysis of several aspects of these attacks, a novel approach to detect DDoS attack is proposed based on characteristics of attack traffics (CAT) time series. Then CAT time series are transformed into a multidimensional vector series and a support vector machine (SVM) classifier is applied to identity the attacks. The experiment results show that our approach can identify the state features of the abnormal flow due to the DDoS attacking flows, and detect DDoS attacks accurately

DOI : http://dx.doi.org/10.11591/telkomnika.v12i1.3355