www.icact.org

Now 278 visitors
Today:138 Yesterday:382
Total: 1122 413S 88P 97R
2026-04-18, Week 16

Member Login

Welcome Message

Statistics & History

Committee

TACT Journal Homepage

Call for Paper

Paper Submission

Find My Paper

Author Homepage

Paper Procedure

FAQ

Registration & Invoice

Paper Archives

Outstanding Papers

Program & Proceedings

Presentation Platform

Hotel & Travel Info

Photo Gallery

Scheduler Login

Seminar

Archives Login

Sponsors

Online Q&A Session


Paper Number	Author:
Paper Title
Keyword
Q&A Number	**Select your question number !!
Questioner eMail:
Question	How the classification of DDoS detection items and the items necessary for DDoS detection were chosen?
Answer by Author	Six DDoS detection categories were identified by referring to R. Braga, E. Mota and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," IEEE Local Computer Network Conference, 2010, pp. 408-415, doi: 10.1109/LCN.2010.5735752. Average of Packets per flow, Average of Bytes per flow, Average of duration per flow, Percentage of pair flow, Growth of single flow, Growth of different ports. Through this, the Total Packer Number was extracted based on the Average of Packets per flow, and the Total Data Size was extracted through the Average of Bytes per flow. In addition, different src IP, Port and Same dst IP, and Port Pair were extracted through Percentage of pair flow and Growth of different ports. After extracting these four attributes, the three attributes to be set on the X, Y, and Z axes were continuously changed src IP by several zombie PCs due to the nature of the DDoS attack, so the src IP and same dst IP pairs were classified, and large amounts of traffic during attacks, so use the number of packets and the size of data.

Save Q&A
* Edit or answer any Q&A by selecting Q&A number Hyper Link below + Write button (Save)

ICACT20220359 Question.1 Questioner: 201127035@fzu.edu.cn 2022-02-14 오후 2:32:14	ICACT20220359 Answer.1 Answer by Auhor shyoon17@korea.ac.kr 2022-02-14 오후 2:32:14 Chrome Click!!
Is there any research on the transformation of the clustering results according to the K value?	Basically, the K-medoids algorithm is an algorithm that clusters according to the set value of k. That is, the k value means the number of each medoid, that is, the number of divided sets. When the number of sets is divided, the measured results also change. In "B. Pardeshi and D. Toshniwal, "Improved k-medoids clustering based on cluster validity index and object density," 2010 IEEE 2nd International Advance Computing Conference (IACC), 2010, pp. 379-384, doi: 10.1109/IADCC.2010.5422924.", which conducted a study on the efficiency of K-medoids, it can be seen that the result value of clustering varies according to the change of k value. In this paper, the k value was set to 2 to make it easier to classify normal and offensive traffic, and we divided it into normal traffic sets and attack sets, respectively.
ICACT20220359 Question.2 Questioner: 201127035@fzu.edu.cn 2022-02-14 오후 3:36:56	ICACT20220359 Answer.2 Answer by Auhor shyoon17@korea.ac.kr 2022-02-14 오후 3:36:56 Chrome Click!!
How the classification of DDoS detection items and the items necessary for DDoS detection were chosen?	Six DDoS detection categories were identified by referring to R. Braga, E. Mota and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," IEEE Local Computer Network Conference, 2010, pp. 408-415, doi: 10.1109/LCN.2010.5735752. Average of Packets per flow, Average of Bytes per flow, Average of duration per flow, Percentage of pair flow, Growth of single flow, Growth of different ports. Through this, the Total Packer Number was extracted based on the Average of Packets per flow, and the Total Data Size was extracted through the Average of Bytes per flow. In addition, different src IP, Port and Same dst IP, and Port Pair were extracted through Percentage of pair flow and Growth of different ports. After extracting these four attributes, the three attributes to be set on the X, Y, and Z axes were continuously changed src IP by several zombie PCs due to the nature of the DDoS attack, so the src IP and same dst IP pairs were classified, and large amounts of traffic during attacks, so use the number of packets and the size of data.
ICACT20220359 Question.3 Questioner: 201127035@fzu.edu.cn 2022-02-15 오후 2:24:21	ICACT20220359 Answer.3 Answer by Auhor shyoon17@korea.ac.kr 2022-02-15 오후 2:24:21 Chrome Click!!
The dataset in paper is represented by a total of 1,001 data, of which 852 attacks and 149 attacks are included. Will there be similar simulation results for other datasets?	Referenced the DDoS data set at http://data.caida.org. The content of the corresponding DDoS data set stated on the site contains 1,581 points, of which 1,547 normal and 34 attacks are included. In this dataset, DDoS attack simulation was performed with 852 normal and 149 attacks out of 1,001 to confirm that DDoS attacks are properly detected by increasing the attack weight of this dataset.
ICACT20220359 Question.4 Questioner: tomayoon@ieee.org 2022-02-14 오후 4:32:51	ICACT20220359 Answer.4 Answer by Auhor shyoon17@korea.ac.kr 2022-02-14 오후 4:32:51 Chrome Click!!
First of all, thank you for the good research paper and presentation contents. I would like to know more about the research environment used in this study, and also in detail about the equipment & operating systems, development languages and software libraries you used.	Zombie PC was used to simulate the attack, and os used Linux. In addition, the language used to implement the simulation was implemented using C, python.
ICACT20220359 Question.5 Questioner: gmpdf.7704@ruri.waseda.jp 2022-02-14 오후 4:19:17	ICACT20220359 Answer.5 Answer by Auhor shyoon17@korea.ac.kr 2022-02-14 오후 4:19:17 Chrome Click!!
Thank you very much for your presentation. I have a question regarding the accuracy on slide 16: How high are the results of the True Positive Rate compared to other existing methods of detecting DDoS attacks?	There is an algorithm performance evaluation index using the KDD99 dataset. In this indicator, TPRs of SVM, KNN, Navie Bayesian, and Decision Tree commonly used for DDoS detection were checked. Each TPR result was derived from 0.934, 0.903, 0.945, and 0.834. This was confirmed to be lower than the TPR result of the K-medoids algorithm applied in this paper, 0.959.
ICACT20220359 Question.6 Questioner: jongjcho@korea.ac.kr 2022-02-14 오후 4:22:53	ICACT20220359 Answer.6 Answer by Auhor shyoon17@korea.ac.kr 2022-02-14 오후 4:22:53 Chrome Click!!
It is a very interesting topic. however, May I ask you what is exactly the K value?	the K-medoids algorithm is an algorithm that clusters according to the set value of k. That is, the k value means the number of each medoid, that is, the number of divided sets. Each data is classified based on the divided set.
ICACT20220359 Question.7 Questioner: ehtm94@korea.ac.kr 2022-02-16 오후 2:30:46	ICACT20220359 Answer.7 Answer by Auhor shyoon17@korea.ac.kr 2022-02-16 오후 2:30:46 Chrome Click!!
Dear author, you have a very interesting research. What are some other detection techniques?	Detection is also possible with techniques such as SVM, KNN, Navie Bayesian, and Decision Tree.
ICACT20220359 Question.8 Questioner: hieu.ln@ou.edu.vn 2022-02-16 오후 11:35:00	ICACT20220359 Answer.8 Answer by Auhor shyoon17@korea.ac.kr 2022-02-16 오후 11:35:00 Chrome Click!!
Thank you for your good research paper. I'd like to ask you why don't you choose other algorithms in this field of research, what is the strength of K-medoids algorithm?

Now 278 visitors Today:138 Yesterday:382 Total: 1122 413S 88P 97R 2026-04-18, Week 16

Now 278 visitors
Today:138 Yesterday:382
Total: 1122 413S 88P 97R
2026-04-18, Week 16