Abstract

In this paper, we propose a proactive security method that estimates distributed denial of service (DDoS) attack volume in order to overcome the limitation of the response time of reactive security systems based on intrusion detection. To that end, we define and discuss network intrusion forecasting and intrusion factors in comparison to intrusion detection. Intrusion factors for a DDoS attack are also analyzed and collected from the Honeynet system. Based on the data from the Honeynet system, we conduct correlation and regression analysis, both statistical approaches, to predict the potential DDoS attack volume for the network security of our university. By combining network intrusion detection with intrusion forecasting, network operators can take active countermeasures based on the forecasting results and strengthen the network security.