Mathematical Problems in Engineering
Volume 2016 (2016), Article ID 1467051, 10 pages
http://dx.doi.org/10.1155/2016/1467051
Research Article

A Novel Real-Time DDoS Attack Detection Mechanism Based on MDRA Algorithm in Big Data

Bin Jia (1,2,3), Yan Ma (1), Xiaohong Huang (1), Zhaowen Lin (1,2,3), and Yi Sun (2,3,4)

(1) Information and Network Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
(2) Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang 050081, China
(3) National Engineering Laboratory for Mobile Network Security (No. [2013] 2685), Beijing 100876, China
(4) Network and Information Center, Institute of Network Technology and Institute of Sensing Technology and Business, Beijing University of Posts and Telecommunications, Beijing 100876, China

Received 25 March 2016; Revised 25 July 2016; Accepted 10 August 2016

Academic Editor: Nazrul Islam

Copyright © 2016 Bin Jia et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

With the rapid development and wide application of information technology and the Internet, society has entered an era of information explosion. The explosive growth and high complexity of network traffic bring new and severe challenges to the field of network attack behavior detection. An effective and efficient mechanism that can detect attack behavior in large-scale network traffic therefore plays an important role. In this paper, we focus on how to distinguish attack traffic from normal data flows in Big Data and propose a novel real-time DDoS attack detection mechanism based on Multivariate Dimensionality Reduction Analysis (MDRA). In this mechanism, we first reduce the dimensionality of the multiple characteristic variables in a network traffic record by Principal Component Analysis (PCA). Then, we analyze the correlation of the lower-dimensional variables. Finally, attack traffic is differentiated from normal traffic by MDRA and Mahalanobis distance (MD). Compared with previous research methods, our experimental results show that a higher precision rate is achieved and the True Negative Rate (TNR) for detection approximates 100%; CPU computing time is one-eightieth and memory resource consumption is one-third of those of the previous detection method based on Multivariate Correlation Analysis (MCA); and the computing complexity is constant.
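
A minimal sketch of the pipeline the abstract describes (PCA projection, then Mahalanobis distance against a normal-traffic profile), added here as an illustration and not the authors' MDRA implementation. The feature columns, the choice of k = 2 retained components, the 3-sigma threshold and the power-iteration eigensolver are assumptions, and all sample records are constructed.

```python
import math, random, statistics

def mean_cov(rows):
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    cov = [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
            for j in range(d)] for i in range(d)]
    return mu, cov

def top_components(cov, k, iters=500):
    """Top-k (eigenvalue, eigenvector) pairs by power iteration with deflation."""
    d, a, pairs = len(cov), [row[:] for row in cov], []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(a[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        lam = sum(v[i] * a[i][j] * v[j] for i in range(d) for j in range(d))
        pairs.append((lam, v))
        # Remove the component just found so the next pass finds the next one.
        a = [[a[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
    return pairs

def distance(model, row):
    # Principal components are uncorrelated, so the covariance in PCA space is
    # diag(eigenvalues) and the Mahalanobis distance is a scaled Euclidean norm.
    c = [x - m for x, m in zip(row, model["mu"])]
    return math.sqrt(sum(sum(ci * vi for ci, vi in zip(c, v)) ** 2 / lam
                         for lam, v in model["pairs"]))

def fit(normal_rows, k=2):
    mu, cov = mean_cov(normal_rows)
    model = {"mu": mu, "pairs": top_components(cov, k)}
    dists = [distance(model, r) for r in normal_rows]
    # Assumed cut-off: mean + 3 standard deviations of the training distances.
    model["threshold"] = statistics.mean(dists) + 3 * statistics.stdev(dists)
    return model

def is_attack(model, row):
    return distance(model, row) > model["threshold"]

# Constructed data, not from the paper; assumed per-window features:
# [packets, kbytes, distinct sources, SYN count], driven by one load level.
rng = random.Random(7)
def normal_record():
    load = rng.gauss(100, 10)
    return [load + rng.gauss(0, 2), 0.8 * load + rng.gauss(0, 2),
            0.3 * load + rng.gauss(0, 2), 0.1 * load + rng.gauss(0, 1)]
MODEL = fit([normal_record() for _ in range(500)])
QUIET = [105.0, 84.0, 31.5, 10.5]    # constructed normal-looking window
FLOOD = [400.0, 30.0, 300.0, 380.0]  # constructed SYN-flood-like window
```

Scoring a record costs a fixed number of multiplications once the profile is fitted, which is what makes a per-record check of this shape usable on a live stream.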