A summary of the two algorithms for DDoS detection proposed by Yeonhee Lee and Yeonhee Lee in the paper Detecting DDoS Attacks with Hadoop:
- Counter-based method: this method relies on three key parameters: the time interval, which is the duration during which packets are analyzed; the threshold, which indicates the frequency of requests; and the unbalance ratio, which denotes the anomaly ratio of responses per page requested between a specific client and server.
- Access-pattern-based method: this method requires more than two MapReduce jobs:
  - the first job obtains the access sequence to the web page between a client and a web server, and calculates the spending time and the byte count for each request of the URL;
  - the second job hunts out infected hosts by comparing the access sequence and the spending time among clients trying to access the same server.
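
The counter-based method as a single-process map/reduce sketch. This is an added example, not code from the paper or from this post. The record layout, the function names, the sample traffic and the exact rule (flag a client when its requests in one interval reach the threshold and its responses-per-request ratio falls below the unbalance ratio) are assumptions made for illustration.

```python
from collections import defaultdict

def make_sample():
    """Constructed traffic: (unix_ts, client_ip, server_ip, kind), kind = req | resp."""
    server, recs = "192.0.2.1", []
    for i in range(40):
        # Flooding client: 40 requests in one interval, only every 10th answered.
        recs.append((1200 + i, "198.51.100.9", server, "req"))
        if i % 10 == 0:
            recs.append((1200 + i, "198.51.100.9", server, "resp"))
        # Busy but legitimate client: 40 requests, all answered.
        recs.append((1200 + i, "198.51.100.7", server, "req"))
        recs.append((1200 + i, "198.51.100.7", server, "resp"))
    for i in range(5):
        # Ordinary client: 5 requests, all answered.
        recs.append((1200 + 10 * i, "198.51.100.2", server, "req"))
        recs.append((1200 + 10 * i, "198.51.100.2", server, "resp"))
    return recs

def map_phase(records, interval):
    """Map: key = (server, interval start, client), value = (requests, responses)."""
    for ts, client, server, kind in records:
        bucket = ts - ts % interval  # mask the timestamp to its interval
        value = (1, 0) if kind == "req" else (0, 1)
        yield (server, bucket, client), value

def reduce_phase(pairs):
    """Reduce: sum request and response counters per key."""
    totals = defaultdict(lambda: [0, 0])
    for key, (req, resp) in pairs:
        totals[key][0] += req
        totals[key][1] += resp
    return totals

def detect(records, interval=60, threshold=30, unbalance_ratio=0.5):
    """Return (client, server, interval start, requests, responses) per flagged client."""
    flagged = []
    totals = reduce_phase(map_phase(records, interval))
    for (server, bucket, client), (req, resp) in sorted(totals.items()):
        # Assumed rule: high request rate AND too few responses per request.
        if req > 0 and req >= threshold and resp / req < unbalance_ratio:
            flagged.append((client, server, bucket, req, resp))
    return flagged

if __name__ == "__main__":
    for row in detect(make_sample()):
        print(row)
```

The fully answered 40-request client is not flagged, which is what the unbalance ratio adds over a bare request threshold.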
Original title and link: MapReduce-based DDoS Detection Algorithms With Hadoop (©myNoSQL)