Probabilistic Neural Network based attack traffic classification

Abstract

This paper surveys with the emerging research on various methods to identify the legitimate/illegitimate traffic on the network. Here, the focus is on the effective early detection scheme for distinguishing Distributed Denial of Service (DDoS) attack traffic from normal flash crowd traffic. The basic characteristics used to distinguish Distributed Denial of Service (DDoS) attacks from flash crowds are access intents, client request rates, cluster overlap, distribution of source IP address, distribution of clients and speed of traffic. Various techniques related to these metrics are clearly illustrated and corresponding limitations are listed out with their justification. A new method is proposed in this paper which builds a reliable identification model for flash crowd and DDoS attacks. The proposed Probabilistic Neural Network based traffic pattern classification method is used for effective classification of attack traffic from legitimate traffic. The proposed technique uses the normal traffic profile for their classification process which consists of single and joint distribution of various packet attributes. The normal profile contains uniqueness in traffic distribution and also hard for the attackers to mimic as legitimate flow. The proposed method achieves highest classification accuracy for DDoS flooding attacks with less than 1% of false positive rate.