Detection of Distributed Denial of Service attacks in NMS Proactively

In this paper, we report on testing the idea of proactive detection of Distributed Denial of Service (DDos) attacks.We implemented a software tool for this purpose , and did our experiments on a network management system(NMS).A new approach to implementing the idea is proposed . This method is an anomaly detection method in intrusion detection systems and detects abnormal high traffic in networks.Statistical methods perfrom better than rule-based ones, because if the attack pattern changes slightly, Statistical methods can detect them but rule-based onse cant. To validate this point and provide satisfactory experimental evidence, five DDoS attacks have been chosen and benchmarked on a research testbed, and Management Indormation Base(MIB) variables were recorded in NMS.Offline processing and analysis of these data led us to a model of data through Auto Regressive (AR) and the extended(ARX) models.We found a causal relation between MIB variables in the attacker and the victim machins and found precursors of the attack at victim`s side. After extraction of MIB variables , we designed an alarm system that reports occurance of abnormal traffic. During attacks,the volume of traffic is much higher than normal runs,so this method can detect the attack.