Anomaly Detection for DDoS Attacks Based on Gini Coefficient
Yun Liu, Siyu Jiang, Jiuming Huang
Available Online August 2013.
- https://doi.org/10.2991/icaicte.2013.129How to use a DOI?
- anomaly detection, Gini coefficient, TCM-KNN algorithm
- Distributed Denial-of-Service (DDoS) attacks present a very serious threat to the stability of the Internet. In this paper, an anomaly detection method for DDoS attacks based on Gini coefficient is pro-posed. First, Gini coefficient is introduced to measure the inequalities of packet attribution (IP addresses and ports) distributions during attacks. Then, an im-proved TCM-KNN algorithm is applied to identify attacks by classifying the Gini coefficient samples extracted from real-time network traffic. The experimental results demonstrate that the proposed method can effectively distinguish DDoS attacks from normal traffic, and has higher detection ratio and lower false alarm ratio than similar detection methods.
- Open Access
- This is an open access article distributed under the CC BY-NC license.
Cite this article
TY - CONF AU - Yun Liu AU - Siyu Jiang AU - Jiuming Huang PY - 2013/08 DA - 2013/08 TI - Anomaly Detection for DDoS Attacks Based on Gini Coefficient BT - 2013 International Conference on Advanced ICT and Education (ICAICTE-13) PB - Atlantis Press SP - 632 EP - 637 SN - 1951-6851 UR - https://doi.org/10.2991/icaicte.2013.129 DO - https://doi.org/10.2991/icaicte.2013.129 ID - Liu2013/08 ER -