Estimating strength of DDoS attack using various regression models

TL;DR

This paper evaluates the use of various regression models to estimate the strength of DDoS attacks by analyzing deviations in network traffic, demonstrating promising results with low error rates in simulated environments.

Contribution

It introduces a novel approach that utilizes deviation from normal traffic profiles to estimate DDoS attack strength using multiple regression models.

Findings

Regression models accurately estimate attack strength with low error rates.

Simulation results show effective DDoS strength estimation across different network topologies.

Various statistical measures confirm the robustness of the proposed approach.

Abstract

Anomaly-based DDoS detection systems construct profile of the traffic normally seen in the network, and identify anomalies whenever traffic deviate from normal profile beyond a threshold. This extend of deviation is normally not utilised. This paper reports the evaluation results of proposed approach that utilises this extend of deviation from detection threshold to estimate strength of DDoS attack using various regression models. A relationship is established between number of zombies and observed deviation in sample entropy. Various statistical performance measures, such as coefficient of determination (R2), coefficient of correlation (CC), sum of square error (SSE), mean square error (MSE), root mean square error (RMSE), normalised mean square error (NMSE), Nash-Sutcliffe efficiency index ({\eta}) and mean absolute error (MAE) are used to measure the performance of various regression models. Internet type topologies used for simulation are generated using transit-stub model of GT-ITM topology generator. NS-2 network simulator on Linux platform is used as simulation test bed for launching DDoS attacks with varied attack strength. A comparative study is performed using different regression models for estimating strength of DDoS attack. The simulation results are promising as we are able to estimate strength of DDoS attack efficiently with very less error rate using various regression models.