Research on Real-Time Flow Abnormal Traffic Detection System Based on DDoS Attack

This paper describes DDoS attacks such as SYN-Flood, ICMP-Flood and NTP-Flood. It puts forward a comprehensive and effective traffic anomaly detection algorithm that incorporates the exponentially weighted moving average (EWMA) algorithm, and builds an abnormal traffic monitoring system. The Tianjin Education metropolitan area network serves as the data source for the experiments. The experiments undertaken to assess the capability of the detection system show that it can detect abnormal flows effectively and monitor the network dynamically.
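The following is an added illustration of EWMA-based flood detection over per-interval packet counts. It is not the paper's algorithm or code. The function name, the tuning values (`alpha`, `k`, `warmup`, `min_std`) and the sample counts are assumptions constructed for this example.

```python
import math


def ewma_detect(counts, alpha=0.2, k=3.0, warmup=5, min_std=1.0):
    """Return indices of intervals whose count exceeds the EWMA baseline.

    counts  -- packets per interval (e.g. SYN packets per second)
    alpha   -- EWMA smoothing factor (assumed value, not from the paper)
    k       -- alert when count > mean + k * std (assumed value)
    warmup  -- intervals used only to learn the baseline (assumed value)
    min_std -- floor on std so perfectly flat traffic does not alert on noise
    """
    mean = float(counts[0])
    var = 0.0
    alerts = []
    for i, x in enumerate(counts[1:], start=1):
        std = max(math.sqrt(var), min_std)
        if i >= warmup and x > mean + k * std:
            alerts.append(i)
            # Freeze the baseline during an alert so flood traffic
            # cannot drag the mean up and mask itself.
            continue
        diff = x - mean
        mean += alpha * diff                          # EWMA of the level
        var = (1 - alpha) * (var + alpha * diff * diff)  # EWMA of the variance
    return alerts


# Constructed sample: SYN packets per 1-second interval, with a burst
# at indices 9-11 standing in for a SYN flood.
SAMPLE = [100, 104, 98, 101, 97, 103, 99, 102, 100, 950, 1200, 1100, 101, 98]

if __name__ == "__main__":
    for idx in ewma_detect(SAMPLE):
        print(f"interval {idx}: {SAMPLE[idx]} pkts exceeds EWMA baseline")
```

Because the baseline is frozen while alerting, a legitimate and lasting rise in traffic keeps alerting until an operator resets or retrains the baseline.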
