Data availability should be guaranteed by a web service in order to satisfy customers. One of the main challenges of information security professionals is DDoS attack which affects the availability. By masquerading itself as a legitimate user, a DDoS attacker tries to overwhelm a server by sending a great number of useless packets that influences the quality of service (QoS) of the network. DDoS attack can result in a great damage to network services. Useless packets similar to normal ones are dispatched by the attacker which leaves the intrusion detection system impotent of detection. Transferring from conventional packet-based analysis methods to time series based (flow-based) algorithms would be a promising alternative to spot DDoS attacks. In this work, we extract four measures of periodicity, kurtosis, skewness and self-similarity of a time series and investigate the performance of these parameters in separating DDoS attack from normal traffic.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited