creators_name: Li, Yang creators_name: Lu, Tian-Bo creators_name: Guo, Li creators_name: Tian, Zhi-Hong creators_name: Nie, Qin-Wu type: conference_item datestamp: 2009-04-06 19:13:15 lastmod: 2009-04-07 14:03:00 metadata_visibility: show title: Towards Lightweight and Efficient DDoS Attacks Detection for Web Server ispublished: pub full_text_status: public pres_type: poster abstract: In this poster, based on our previous work in building a lightweight DDoS (Distributed Denial-of-Services) attacks detection mechanism for web server using TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) and genetic algorithm based instance selection methods, we further propose a more efficient and effective instance selection method, named E-FCM (Extend Fuzzy C-Means). By using this method, we can obtain much cheaper training time for TCM-KNN while ensuring high detection performance. Therefore, the optimized mechanism is more suitable for lightweight DDoS attacks detection in real network environment. In our previous work, we proposed an effective anomaly detection method based on TCM-KNN (Transductive Confidence Machines for K-Nearest Neighbors) algorithm to fulfill DDoS attacks detection task towards ensuring the QoS of web server. The method is good at detecting network anomalies with high detection rate, high confidence and low false positives than traditional methods, because it combines “strangeness” with “p-values” measures to evaluate the network traffic compared to the conventional ad-hoc thresholds based detection and particular definition based detection. Secondly, we utilize the new objective measurement as the input feature spaces of TCM-KNN, to effectively detect DDoS attack against web server. Finally, we introduce Genetic Algorithm (GA) based instance selection method to boost the real-time detection performance of TCM-KNN and thus make it be an effective and lightweight mechanism for DDoS detection for web servers [4, 5]. However, we found the computational cost for GA is expensive, which results in high training time for TCM-KNN. date: 2009-04 pagerange: 1139-1139 event_title: 18th International World Wide Web Conference event_location: Madrid, Spain event_dates: April 20th-24th, 2009 event_type: conference refereed: TRUE citation: Li, Yang and Lu, Tian-Bo and Guo, Li and Tian, Zhi-Hong and Nie, Qin-Wu (2009) Towards Lightweight and Efficient DDoS Attacks Detection for Web Server. In: 18th International World Wide Web Conference, April 20th-24th, 2009, Madrid, Spain. document_url: http://www2009.eprints.org/150/1/p1139.pdf