Statistical Measures: Promising Features for Time Series Based DDoS Attack Detection

Data availability should be guaranteed by a web service in order to satisfy customers. One of the main challenges of information security professionals is DDoS attack which affects the availability. By masquerading itself as a legitimate user, a DDoS attacker tries to overwhelm a server by sending a great number of useless packets that influences the quality of service (QoS) of the network. DDoS attack can result in a great damage to network services. Useless packets similar to normal ones are dispatched by the attacker which leaves the intrusion detection system impotent of detection. Transferring from conventional packet-based analysis methods to time series based (flow-based) algorithms would be a promising alternative to spot DDoS attacks. In this work, we extract four measures of periodicity, kurtosis, skewness and self-similarity of a time series and investigate the performance of these parameters in separating DDoS attack from normal traffic