Feature dynamic deep learning approach for DDoS mitigation within the ISP domain

  • Special Issue Paper
International Journal of Information Security

Abstract

The emergence of the Mirai malware allowed a DDoS attack vector to surge to almost 1 Tbps in 2016, instigated by fewer than 150,000 infected IoT devices. With five new IoT devices infected per minute, the Mirai botnet grew to 2.5 million devices by the end of 2016. The continuous adaptation of the Mirai malware enables the modern variant to update its malware scripts dynamically, on the fly, and launch even more advanced and malevolent DDoS attacks, which dramatically increases the difficulty of mitigating DDoS attacks. Many researchers endeavour to develop mitigation systems to keep up with the increasing security threats. Nonetheless, most of the models presented provide inefficient solutions, relying on auxiliary servers at the host site, in the cloud or at dedicated data scrubbing centres. Since internet service providers (ISPs) connect users to the internet, the mitigation system should be deployed within the ISP domain to deliver a more efficient solution. Accordingly, we propose a stacked self-organising map, a feature dynamic deep learning approach that utilises netflow data collected by the ISP to combat the dynamic nature of novel DDoS attacks.

Acknowledgements

This project was funded by the Irish Research Council under award ID EBPPG/2016/326.

Author information

Corresponding author

Correspondence to Ili Ko.

Ethics declarations

Human and animal rights

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Ko, I., Chambers, D. & Barrett, E. Feature dynamic deep learning approach for DDoS mitigation within the ISP domain. Int. J. Inf. Secur. 19, 53–70 (2020). https://doi.org/10.1007/s10207-019-00453-y

  • DOI: https://doi.org/10.1007/s10207-019-00453-y
