DDoS Detection Through Recurrence Quantification Analysis Based on Dynamic Feature Extraction and Adaptive Clustering
Abstract
The high number of Distributed Denial of Service (DDoS) attacks has demanded innovative solutions to guarantee the reliability and availability of internet services. To this end, different methods have been used to analyze network traffic for denial of service attacks, such as neural networks, decision trees, principal component analysis and others. However, few of them explore dynamic features to classify network traffic. This article proposes a new method, called DDoSbyAQR, that uses recurrence quantification analysis based on the extraction of dynamic characteristics together with an adaptive clustering algorithm (A-kmeans) to better classify attack network traffic. The experiments were performed on the CAIDA and UCLA datasets and demonstrated an increase in the accuracy of DDoS detection (98.41%).
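The recurrence quantification step the abstract describes, as an added example that is not the paper's code: a packets-per-second series is time-delay embedded, its recurrence matrix is built, and two standard RQA measures (recurrence rate and determinism) are derived as the per-window features a clustering stage would consume. The traffic series are constructed with a seeded generator rather than taken from the CAIDA/UCLA traces, the threshold eps=10 and embedding dimension 2 are assumptions, and the A-kmeans clustering stage itself is not reproduced.

```python
import math

def _lcg(seed, n, mod):
    # Seeded linear congruential generator so the constructed sample is reproducible.
    x = seed
    for _ in range(n):
        x = (1103515245 * x + 12345) % 2**31
        yield x % mod

# Constructed sample bins, not CAIDA/UCLA data: benign traffic around 100 pps
# with +-30 pps jitter, and a flood near 5000 pps with almost no variation.
BENIGN_PPS = [100 + j - 30 for j in _lcg(7, 40, 61)]
FLOOD_PPS = [5000 + j - 2 for j in _lcg(11, 40, 5)]

def embed(series, dim=2, tau=1):
    """Time-delay embedding: x_i -> (x_i, x_{i+tau}, ..., x_{i+(dim-1)*tau})."""
    n = len(series) - (dim - 1) * tau
    return [tuple(series[i + k * tau] for k in range(dim)) for i in range(n)]

def recurrence_matrix(vectors, eps):
    """R[i][j] = 1 when states i and j lie within eps (Euclidean distance).
    The line of identity (i == j) is excluded, as is usual in RQA."""
    n = len(vectors)
    return [[1 if i != j and math.dist(vectors[i], vectors[j]) < eps else 0
             for j in range(n)] for i in range(n)]

def rqa_features(r, lmin=2):
    """Return (RR, DET): recurrence rate and determinism of a recurrence matrix."""
    n = len(r)
    points = sum(map(sum, r))
    if points == 0:
        return 0.0, 0.0
    on_lines = 0                      # recurrence points on diagonals >= lmin
    for k in range(1 - n, n):         # every diagonal except the identity
        if k == 0:
            continue
        run = 0
        cells = [(i, i + k) for i in range(n) if 0 <= i + k < n]
        for i, j in cells + [(None, None)]:   # sentinel flushes the last run
            if i is not None and r[i][j]:
                run += 1
                continue
            if run >= lmin:
                on_lines += run
            run = 0
    return points / (n * (n - 1)), on_lines / points

def features_for(series, eps=10.0):
    # Feature vector for one traffic window; the flood's near-constant rate
    # drives both RR and DET toward 1, benign jitter keeps them well below.
    return rqa_features(recurrence_matrix(embed(series), eps))
```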
References
Bhaya, W., Manaa, M. E. (2014). A Proactive DDoS Attack Detection Approach Using Data Mining Cluster Analysis. Journal of Next Generation Information Technology (JNIT) Volume 5, nº 4.
Eckmann, J. P., Kamphorst, S. O., Ruelle, D. (1987). Recurrence plots of dynamical systems. Europhys. Lett., 56(5), p. 973-977.
Grossglauser, M., Bolot, J. C. (1999). On the relevance of long-range dependence in network traffic. IEEE/ACM Transactions on Networking, 7(5): p. 629-640.
Jeyanthi, N.; Thandeeswaran, R.; Vinithra, J. (2014). RQA based approach to detect and prevent DDoS attacks in VoIP networks, Cybernetics and Information Technologies. v. 14, p. 11-24.
Kumar, C. A.; Bhargavi, K.; Garima, J. (2012). A Note on Implementing Recurrence Quantification Analysis for Network Anomaly Detection. Defence Science Journal, [S.l.], v. 62, n. 2, p. 112-116.
Limwiwatkul, L., Rungsawang, A. (2006). Distributed denial of service detection using TCP/IP header and traffic measurement analysis. Proceedings of the IEEE International Symposium Communications and Information Technology, Sapporo, Japan, 26-29 October, p. 605-610. IEEE CS.
Marwan, N. (2003). Encounters With Neighbours - Current Developments of Concepts Based on Recurrence Plots and Their Applications. Ph.D. thesis, University of Potsdam.
Marwan, N., Kurths, J. (2005). Line structures in recurrence plots. Physics Letters A, 336(4-5), p. 349-357.
Marwan, N., Webber, C.L., Jr. (2015). Mathematical and computational foundations of recurrence quantifications. In: Recurrence Quantification Analysis: Theory and Best Practices. Springer Series: Understanding Complex Systems. Springer International Publishing, Cham, Switzerland, p. 1-41.
Nguyen, H. and Choi, Y. (2010). Proactive Detection of DDoS Attacks Utilizing k-NN Classifier in an Anti-DDoS Framework. International Journal of Electrical and Electronics Engineering, Vol. 4, nº 4.
Oo, T. T., Phyu, T. (2013). A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), Volume 2, Issue 5.
Palmieri, F., Fiore, U. (2010). Network anomaly detection through nonlinear analysis, Computers & Security, 29(7), p. 737-755.
Rahmani H., Sahli, N., Kammoun, F. (2009). Joint Entropy Analysis Model for DDoS Attack Detection. In International Conference on Information Assurance and Security, p. 267-271.
Raut, A.S., Singh, K. R. (2014). Anomaly Based Intrusion Detection-A Review. Int. J. on Network Security, Vol. 5.
Righi, M. A., Nunes, R. C. (2015). Detecção de DDoS Através da Análise da Recorrência Baseada na Extração de Características Dinâmicas. Anais do XV Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais - SBSeg 2015, p. 314-317.
Silva, J. L. C., Maia, J. E. B., Fonseca, N. L. S. (2012). Identificação de Ataques em Redes de Computadores usando Comitê de Classificadores. Anais do XXX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, p. 263-276.
Suresh, M., Anitha, R. (2011). Evaluating Machine Learning Algorithms for Detecting DDoS Attacks. In 4th international Conference on Advances in Network Security and Applications (CNSA), p. 441-452.
The CAIDA "DDoS Attack 2007" Dataset - < Accessed 15 May 2015 11:12h > https://data.caida.org/datasets/security/ddos-20070804/
The CAIDA UCSD Anonymized Internet Traces 2008 - < Accessed 05 May 2015 11:12h > https://data.caida.org/datasets/passive-2008/
Tsai, C. F., Hsu, Y. F., Lin, C. Y. and Lin, W. Y. (2009). Intrusion detection by machine learning: A review. Expert Systems with Applications, v. 36, n. 10, p. 11994-12000.
UCLA CSD packet traces. http://www.lasr.cs.ucla.edu/ddos/traces/public/usc
Vieira, V. J. D., Costa, S. C., Costa, W. C. A. (2012). Análise de Quantificação de Recorrência e Análise Discriminante Aplicadas à Classificação de Sinais de Vozes Saudáveis e Sinais de Vozes Patológicas. In: Anais do VII CONNEPI 2012; ISBN 978-85-62830-10-5, Palmas-TO, Brasil.
Webber, C. L., Marwan, N. (2015). Recurrence Quantification Analysis: Theory and Best Practices. Springer series: Understanding Complex Systems. Springer International Publishing, Cham Switzerland.
Willinger, W., Paxson, V., Taqqu, M. S. (1998). Self-similarity and heavy tails: structural modeling of network traffic. In: A Practical Guide to Heavy Tails: Statistical Techniques and Applications. ISBN 0-8176-3951-9, p. 27-53, Birkhäuser, Boston, USA.
Wu, Y. C., Tseng, H. R., Yang, W., and Jan, R. H. (2011). DDoS detection and traceback with decision tree and grey relational analysis. International Journal of Ad Hoc and Ubiquitous Computing, 7, p. 121-136.
Yuan, J., Yuan, R., Chen, X. (2014). Network Anomaly Detection based on Multi-scale Dynamic Characteristics of Traffic. INT J COMPUT COMMUN, ISSN 1841-9836, 9(1), p. 101-112.
Zhong, R. and Yue, G. (2010). DDoS detection system based on data mining. Proceedings of the 2nd International Symposium on Networking and Network Security, Jinggangshan, China, 2-4 April, p. 062-065. Academy Publisher.