In this article, we consider the detection of suspiciously high correlation between malicious Internet users that are collaborating in order to cause a Distributed Denial of Service (DDoS) attack. The main goal is to obtain a method for judging correlated misbehaviour among the requests that are issued by different users, aiming to recognize early enough any abnormal behaviour and avoid the full consequences of the DDoS attack. The identification is based on the frequencies with which users issue (simultaneous) requests and is accomplished through the analysis of the data traffic using the requests for connection across the concerned network over a period of time. The paper models normal and malicious behaviour via hidden Markov models, and analyses the performance of the proposed detection method using both mathematical reasoning and simulations. Evaluations of the proposed method on real data sets and comparisons of its performance against existing related methodologies are also provided.

在本文中，我们将考虑检测正在协作以引起分布式拒绝服务（DDoS）攻击的恶意Internet用户之间的高度相关性。主要目标是获得一种方法来判断不同用户发出的请求之间的相关不当行为，旨在尽早识别出任何异常行为并避免DDoS攻击的全部后果。标识基于用户发出（同时）请求的频率，并通过使用一段时间内跨相关网络的连接请求对数据流量进行分析来完成。本文通过隐马尔可夫模型对正常和恶意行为进行建模，并使用数学推理和仿真方法分析了所提出的检测方法的性能。