Skip to main content

Time Series Similarity for Detecting DDoS Flooding Attack

Research Authors
Fatma A. Hussain and Dalia Nashat
Research Department
Research Journal
Assiut University Journal of Multidisciplinary Scientific Research
Research Vol
51
Research Year
2022
Research_Pages
229-241
Research Abstract

Distributed Denial of Service attack (DDoS) is one of many types that hit computer networks. For security specialists, this attack is one of their main concerns. The DDoS flooding attack prevents the legitimate users from using their desired services by consuming the server resources. It includes many types depending on the targeted layer as example, SYN flooding attack and UDP attack are lunched into the network layer, while the HTTP flooding attack and DNS attack into the application layer. The DDoS flooding attack takes use of a flaw in the internet routing system by flooding the server with packets bearing faked IP addresses. Due to the internet routing infrastructure's inability to discriminate between spoofed and legitimate packets, using these spoofed IP addresses makes it difficult to detect this attack. Based on time series similarity measurement, we offer a new detection approach for DDoS flooding attacks in this paper. By computing the cost function value and by comparing this value with a modified adaptive threshold, legal and malicious traffic intervals can be clearly distinguished. Our results show the efficiency of the proposed detection approach through the obtained detection rates.