Detecting DDoS Attack Based on Multi-Class SVM

In order to detect distributed denial of service (DDoS) attacks with support vector machine (SVM) measures, the feature vectors that can distinguish normal stream from attack stream are required. According to the characters of DDoS attacks, a group of relative value features are proposed. For indicating the existence and attack intensity of DDoS attack simultaneously, multi-class SVM (MCSVM) is introduced to detecting DDoS Attacks. As shown in our numeric experiments, the combination of RLT features and MCSVM can detect several kinds of DDoS attacks effectively and indicate attack intensity precisely. The detection results are better than other detection measures. Because the RLT features include more attack information than the detection measures using single attack character, a better detection result is available.