A principal components analysis-based robust DDoS defense system

Huizhong Sun, Yan Zhaung, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceedingConference contribution


One of the major threats to cyber security is the Distributed Denial-of-Service (DDoS) attack. In our previous projects, PacketScore, ALPi, and other statistical filtering-based approaches defend DDoS attacks via fine-grain comparisons between the measured current traffic profile and the victim's nominal profile. These schemes can tackle virtually all kinds of DDoS attacks, even never-before-seen attack types, due to the underlying statistics-based adaptive differentiation. The viability of those aforementioned statistical filtering defense systems is based on the premise that attackers do not know the victim's nominal traffic profile and, thus, cannot fake legitimate traffic. However, a sophisticated DDoS attacker might circumvent the defense system by discovering the statistical filtering rules and then controlling zombies to generate flooding traffic according to these discovered rules. This type of sophisticated attack seriously threatens the current Internet and has not yet been solved. In this paper, we propose a Principal Components Analysis (PCA)-based DDoS defense system, which extracts nominal traffic characteristics by analyzing intrinsic dependency across multiple attribute values. The PCA-based scheme differentiates attacking packets from legitimate ones by checking if the current traffic volume of the associated attribute value violates the intrinsic dependency of nominal traffic. The correlation among different attributes makes it more difficult for the attacker to accurately discover the statistic filtering rules and, thus, makes it highly robust to cope with new and more sophisticated attacks.

Original languageEnglish (US)
Title of host publicationICC 2008 - IEEE International Conference on Communications, Proceedings
Number of pages7
StatePublished - 2008
EventIEEE International Conference on Communications, ICC 2008 - Beijing, China
Duration: May 19 2008May 23 2008

Publication series

NameIEEE International Conference on Communications
ISSN (Print)0536-1486


OtherIEEE International Conference on Communications, ICC 2008


  • Distributed denial-of-service attack
  • Principal component analysis
  • Selective packet discarding
  • Statistical filtering rules

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'A principal components analysis-based robust DDoS defense system'. Together they form a unique fingerprint.

Cite this