Authors: Hoai-Vu Nguyen, Yongsun Choi

Abstract:

Distributed denial-of-service (DDoS) attacks pose a serious threat to network security. There have been a lot of methodologies and tools devised to detect DDoS attacks and reduce the damage they cause. Still, most of the methods cannot simultaneously achieve (1) efficient detection with a small number of false alarms and (2) real-time transfer of packets. Here, we introduce a method for proactive detection of DDoS attacks, by classifying the network status, to be utilized in the detection stage of the proposed anti-DDoS framework. Initially, we analyse the DDoS architecture and obtain details of its phases. Then, we investigate the procedures of DDoS attacks and select variables based on these features. Finally, we apply the k-nearest neighbour (k-NN) method to classify the network status into each phase of DDoS attack. The simulation result showed that each phase of the attack scenario is classified well and we could detect DDoS attack in the early stage.

Keywords: distributed denial-of-service (DDoS), k-nearestneighbor classifier (k-NN), anti-DDoS framework, DDoS detection.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1072908

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 3288

References:

[1] J.B.D. Cabrera, et al. "Proactive detection of distributed denial of service attacks using MIB traffic variablesÔÇöa feasibility study", Proceedings of the seventh IFIP/IEEE International Symposium on Integrated Network Management, Seattle, May, 2001, pp. 1-14.
[2] S. Chebrolu, A. Abraham, and P. J. Thomas, "Feature deduction and ensemble design of intrusion detection systems", Computers & Security, Vol. 24, issue 4, pp. 295-307. 2005.
[3] D. Gavrilis, and E. Dermatas, "Real-time detection of distributed denialof- service attacks using RBF networks and statistical features", Computer Networks, Vol. 48, issue 2, pp. 235-245. 2005.
[4] G. Guo, H. Wang, D. Bell, Y. Bi, and K. Greer, "Using kNN model for automatic text categorization", Soft Computing - A Fusion of Foundations, Methodologies and Applications, Vol. 10, No. 5, pp. 423- 430. 2006.
[5] S. Haykin, Neural Networks: A Comprehensive Foundation, Upper Saddle River, Prentice Hall, New Jersey, 1994.
[6] J. Ioannidis, and S. M. Bellovin, "Implementing pushback: router-based defense against DDoS attacks", Presented at Network and Distributed System Security Symposium, 2002.
[7] M. Kim, H. Na, K. Chae, H. Bang, and J. Na, "A Combined Data Mining Approach for DDoS Attack Detection", ICOIN 2004, LNCS 3090, Springer-Verlag, Berlin Heidelberg, pp. 943-950.
[8] K. Lee, J. Kim, K. H. Kwon, Y. Han, and S. Kim, "DDoS attack detection method using cluster analysis", Expert Systems with Applications, 2007, Vol. 34, pp. 1659-1665.
[9] H. W. Lee, "SVM Based Packet Marking Technique for Traceback on Malicious DDoS Traffic", ICOIN 2006, LNCS 3961, Springer-Verlag, Berlin Heidelberg, pp. 754-763.
[10] S. C. Lin, and S. S. Tseng, "Constructing detection knowledge for DDoS intrusion tolerance", Expert Systems with Applications, 2004, Vol. 27, pp. 379-390.
[11] R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling high bandwidth aggregate in the network", ACM SIGCOMM Computer Communication Review, 2002, Vol. 32, No. 3 pp. 62 - 73.
[12] J. May, J. Peterson, and J. Bauman, "Attack detection in large networks", Proceedings of the DARPA Information Survivability Conference & Exposition II (DISCEX -01), 2001, Vol. 1, pp.15-21.
[13] MIT Lincoln Lab, 2000, DARPA intrusion detection scenario specific datasets, http://www.ll.mit.edu/IST/ideval/data/2000/2000_data_index.html.
[14] T. M. Mitchell, Machine Learning, MacGraw Hill, New York, 1996.
[15] K. Park, and H. Lee, "A proactive approach to distributed DoS attack prevention using route-based packet filtering", Tech. Rep. CSD-00-017, Department of Computer Sciences, Purdue University, 2000.
[16] F. Sebastiani, "Machine learning in automated text categorization", ACM Computing Surveys, Vol. 34, issue 1, Consiglio Nazionale delle Ricerche, Italy, 2002, pp. 1-47.
[17] A. Sharma, A. K. Pujari, and K. K. Paliwal, "Intrusion detection using text processing techniques with a kernel based similarity measure", Computers & Security, 2007, Vol. 26, issue 7-8, 2007, pp. 488-495.
[18] B. Todd, "Distributed Denial of Service Attacks", 2000. http://www.linuxsecurity.com/resource_files/intrusion_detection/ddosfaq. html
[19] X. Xu, Y. Sun, and Z. Huang, "Defending DDoS Attacks Using Hidden Markov Models and Cooperative Reinforcement Learning", Yang C.C. et al. (Eds.): PAISI 2007, LNCS 4430, Springer-Verlag, Berlin Heidelberg, pp. 196-207.
[20] A. Yaar, A. Perrig, and D. Song, "Pi: a path identification mechanism to defend against DDos attack", Proceedings of the IEEE Symposium on Security and Privacy, 2003, pp. 93-107.