IEICE Communications Express
Online ISSN : 2187-0136
Identifying anomalous traffic using dynamic programing based differential analysis
Keisuke IshibashiTsuyoshi KondohMashiro MaruyoshiTakeshi Kuwahara
Author information

2016 Volume 5 Issue 9 Pages 335-340


This paper proposes an identification method of anomalous traffic such as DDoS attacks. Identification results are represented as a set of aggregated flows; such as source/destination IP address ranges(prefixes), source/destination port numbers and protocols and can be used as ACL (Access Control List) rules at routers. We set requirements for the identification can be summarized as the following three conditions; 1) covering the anomalous traffic, 2) avoiding to cover normal traffic, 3) with small number of aggregated flows. To accomplish these requirements, we propose a method to generate a set of aggregate flow that achieves the highest score representing the requirements by comparing before and after attacks and searching a optimal set with dynamic programming to avoid exponential computation explosion.

Information related to the author
© 2016 The Institute of Electronics, Information and Communication Engineers
Previous article Next article