Date Added: Mar 2012
Distributed Denial of Service (DDoS) attacks are a continuous threat to the Internet, and it is critical to trace back the source of attacks. Attacks with low packet rates, whose strength is less than that of normal flows, can go undetected. The authors introduce a detection approach based on a document dataset. An Access Matrix is defined to capture the spatial-temporal patterns of normal attacks. Principal component analysis and independent component analysis are applied to abstract the multidimensional Access Matrix. A novel anomaly detector based on a hidden semi-Markov model is proposed to describe the dynamics of the Access Matrix and to detect the attacks. The entropy of the document dataset appropriate to the model is used to detect the DDoS attacks.