Linear Regression Based DDoS Attack Detection

2021 
DDoS attacks are increasing alongside the growth of web-based services. Existing research proposes a number of anomaly-based techniques that analyse network traffic to detect such attacks. However, these techniques typically raise a number of false positives, specifically because of spikes in the network traffic, which must be distinguished from genuine attacks. To reduce such false positives, we propose a linear-regression-based DDoS attack detection technique. It rests on the hypothesis that there is a positive correlation between the average and the standard deviation of the network throughput in a window-based time series, and that DDoS attacks alter this correlation. We evaluate the performance of the proposed technique by running experiments on real-world network traffic and the CAIDA DDoS attack 2007 dataset. We also compare the proposed technique against average-based and entropy-based one-class classification techniques, which represent the state-of-the-art linear classification techniques for detecting DDoS attacks. Evaluation results demonstrate that the proposed linear-regression-based technique reduces the false positives significantly while maintaining the accuracy of attack detection.
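The hypothesis in the abstract, as an added example that is not the paper's code: it fits a least-squares line of standard deviation against average over baseline windows and flags windows that depart from it. The decision rule (residual beyond k times the baseline residual spread), the window size, all function names and the traffic values are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

def window_features(throughput, size):
    """Cut a throughput series into non-overlapping windows of (average, std)."""
    return [(mean(throughput[i:i + size]), pstdev(throughput[i:i + size]))
            for i in range(0, len(throughput) - size + 1, size)]

def fit_line(points):
    """Ordinary least squares for std = slope * average + intercept."""
    mx = mean([x for x, _ in points])
    my = mean([y for _, y in points])
    sxx = sum((x - mx) ** 2 for x, _ in points)
    if sxx == 0:
        raise ValueError("baseline windows all have the same average")
    slope = sum((x - mx) * (y - my) for x, y in points) / sxx
    return slope, my - slope * mx

def detect(baseline, observed, size, k=3.0):
    """Flag observed windows whose std departs from the baseline line.

    Assumed rule (not stated in the abstract):
    |residual| > k * (std of the baseline residuals).
    """
    train = window_features(baseline, size)
    slope, intercept = fit_line(train)
    tol = k * pstdev([y - (slope * x + intercept) for x, y in train])
    return [abs(y - (slope * x + intercept)) > tol
            for x, y in window_features(observed, size)]

# Constructed sample data (not from the paper's datasets), window size 4.
BASELINE = [80, 120, 80, 120, 158, 242, 158, 242, 242, 358, 242, 358,
            318, 482, 318, 482, 402, 598, 402, 598]
OBSERVED = [200, 300, 200, 300,      # ordinary traffic
            720, 1080, 720, 1080,    # legitimate spike: average 900, std 180
            890, 910, 890, 910]      # constructed flood: average 900, std 10

if __name__ == "__main__":
    # The spike and the flood share the same average, so a threshold on the
    # average alone cannot separate them; the regression residual can.
    print(detect(BASELINE, OBSERVED, size=4))
```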