AnubisFlow: A Feature Extractor for Distributed Denial of Service Attack Classification

The detection and mitigation of DDoS attacks require a system to analyze and process the incoming network flow in a live capture manner. In this scenario, an efficient analysis depends on a good set of features to classify the traffic. With this goal in mind, we propose a technique based on a new set of features that are computationally inexpensive and descriptive of the data stream. Moreover, the technique considers the flows in many moments, not only when they are finished. We analyze its predicting performance by creating a decision tree model and a logistic regression, which achieved 99.98% and 95.99% Cohen's Kappa coefficient, respectively. In spirit with the recent trend toward reproducibility of research results, we integrate the proposal in an open-source tool called AnubisFlow. Also, our analysis for the models is available as open data to the scientific community. (AU)