Detecting and tracing DDoS attacks by Intelligent Decision Prototype

Over the last couple of months a large number of Distributed Denial of Service (DDoS) attacks have occurred across the world, especially targeting those who provide web services. IP traceback, a counter measure against DDoS, is the ability to trace IP packets back to the true source/s of the attack. In this paper, an IP traceback scheme using a machine learning technique called Intelligent Decision Prototype (IDP), is proposed. IDP can be used on both Probabilistic Packet Marking (PPM) and Deterministic Packet Marking (DPM) traceback schemes to identify DDoS attacks. This will greatly reduce the packets that are marked and in effect make the system more efficient and effective attracing the source of an attack compared with other methods. IDP can be applied to many security systems such as Data Mining, Forensic Analysis, Intrusion Detection Systems (IDS) and DDoS defense systems.