A Lightweight DDoS Attack Mitigation System within the ISP Domain Utilising Self-organizing Map

  • Conference paper
Proceedings of the Future Technologies Conference (FTC) 2018 (FTC 2018)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 881)

Abstract

Disruption precipitated by Distributed Denial of Service (DDoS) attacks has escalated drastically in recent years. This is due to the deployment of faster network access technologies, innovative network-reliant applications and leading-edge devices such as smartphones, tablets and Internet of Things (IoT) devices. Applications running on these devices are increasing the dependency on high-speed network services. The main objective of DDoS attacks, however, is to deprive legitimate users of network services by exhausting a victim's bandwidth or hardware resources. Most current approaches offer centralized detection and mitigation. However, few proposals focus on deploying DDoS defense and mitigation systems within the ISP's domain, which has the potential to provide scalable and distributed solutions for these attacks. This paper presents a lightweight DDoS attack mitigation system that uses the self-organizing map algorithm to classify near-real-time NetFlow data collected by the ISP.

Acknowledgment

This project is funded by the Irish Research Council under Award No. EBPPG/2016/326.

Author information

Corresponding author

Correspondence to Ili Ko.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Ko, I., Chambers, D., Barrett, E. (2019). A Lightweight DDoS Attack Mitigation System within the ISP Domain Utilising Self-organizing Map. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_14
