Research Article
Data Mining Approaches for IP Address Clustering
@INPROCEEDINGS{10.1007/978-3-319-74176-5_23,
  author={Madeleine Kongshavn and Anis Yazidi and H\aa{}rek Haugerud and Hugo Hammer},
  title={Data Mining Approaches for IP Address Clustering},
  proceedings={Industrial Networks and Intelligent Systems. 3rd International Conference, INISCOM 2017, Ho Chi Minh City, Vietnam, September 4, 2017, Proceedings},
  proceedings_a={INISCOM},
  year={2018},
  month={1},
  keywords={},
  doi={10.1007/978-3-319-74176-5_23}
}
- Madeleine Kongshavn
- Anis Yazidi
- Hårek Haugerud
- Hugo Hammer
Year: 2018
INISCOM
Springer
DOI: 10.1007/978-3-319-74176-5_23
Abstract
Distributed Denial of Service (DDoS) attacks have for the last two decades been among the greatest threats facing the internet infrastructure. Mitigating DDoS attacks is a particularly challenging task as an attacker masks the attack traffic among legitimate users. Mitigation approaches within DDoS have therefore often been investigated within the field of anomaly intrusion detection. This means that even a successful mitigation approach will risk a high disregard of legitimate users. This article proposes to use data mining and machine learning approaches to find unique hidden data structures which keep a high degree of accepted legitimate traffic, while still being able to remove illegitimate and irrelevant data traffic which does not follow the hidden structure. In this perspective, we devise and evaluate two novel IP address clustering algorithms for DDoS mitigation, namely, Geographical Clustering (GC) and Reduced Geographical Clustering (RGC).