Abstract
Disruption precipitated by Distributed Denial of Service (DDoS) attacks has escalated drastically in recent years. This is due to the deployment of faster network access technologies, innovative network-reliant applications and leading-edge devices such as smartphones, tablets and the Internet of Things (IoT). Applications running on these devices are increasing the dependency on high-speed network services. Nonetheless, the main objective of DDoS attacks is to deprive legitimate users of network services by exhausting a victim’s bandwidth or hardware resources. Most current approaches offer centralized detection and mitigation. However, few proposals focus on deploying DDoS defense and mitigation systems within the ISP’s domain, which has the potential to provide scalable and distributed solutions for these attacks. This paper presents a lightweight DDoS attack mitigation system utilising a self-organizing map algorithm to classify near-real-time NetFlow data collected by the ISP.
Acknowledgment
This project is funded by the Irish Research Council under Award No. EBPPG/2016/326.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ko, I., Chambers, D., Barrett, E. (2019). A Lightweight DDoS Attack Mitigation System within the ISP Domain Utilising Self-organizing Map. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_14
DOI: https://doi.org/10.1007/978-3-030-02683-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02682-0
Online ISBN: 978-3-030-02683-7
eBook Packages: Intelligent Technologies and Robotics (R0)