Chaos Theory Based Detection Against Network Mimicking DDoS Attacks

DDoS attack traffic is difficult to differentiate from legitimate network traffic during transit from the attacker, or zombies, to the victim. In this paper, the authors use the theory of network self-similarity to differentiate DDoS flooding attack traffic from legitimate self-similar traffic in the network. They observed that DDoS traffic causes a strange attractor to develop in the pattern of network traffic. From this observation, they developed a neural network detector trained by their DDoS prediction algorithm. Their preliminary experiments and analysis indicate that their proposed chaotic model can accurately and effectively detect DDoS attack traffic. Their approach has the potential to not only detect attack traffic during transit, but to also filter it.