
Adaptive DDoS-Event Detection from Big Darknet Traffic Data

  • Conference paper
  • Published in: Neural Information Processing (ICONIP 2015)
  • Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9492)

Abstract

This paper presents an adaptive large-scale monitoring system to detect Distributed Denial of Service (DDoS) attacks whose backscatter packets are observed on the darknet (i.e., unused IP address space). To classify DDoS backscatter, 17 features of darknet traffic are defined from the IP address and port information of source and destination hosts. To adapt to changes in DDoS attacks, we add an online learning function to the proposed monitoring system, in which an SVM classifier is continuously retrained with darknet features transformed from the packets observed during a certain period. In the performance evaluation, we use the MWS Dataset 2014, which consists of darknet packets collected from 1st January 2014 to 28th February 2014 (8 weeks). We demonstrate that the proposed system keeps good test performance in the detection of DDoS backscatter (0.98 in F-measure).
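The pipeline the abstract sketches (darknet packets aggregated per source host over a time period, a feature vector per host, and a classifier retrained every period) can be shown end to end on constructed data. The block below is an added illustration, not code from the paper or its authors: the four features, the hinge-loss classifier trained by margin-perceptron style gradient steps (a stand-in for the paper's SVM), the 600-second window, the packet tuples, and the 192.0.2.0/24 range standing in for the darknet sensor are all assumptions, and the traffic is synthetic. It does show the defender-side mechanics: reply-type TCP flags and destination-port randomness distinguish a flood victim's backscatter from a scanner's SYNs, the model is updated once per window so it follows the latest labelled traffic, and detection quality is reported as F-measure as in the paper.

```python
"""Toy darknet monitoring pipeline (constructed example, not the paper's code):
packets -> per-source-host features per window -> hinge-loss linear classifier
updated once per window -> F-measure per window."""
from collections import defaultdict
from typing import Dict, List, Tuple

# (timestamp, src_ip, src_port, dst_ip, dst_port, tcp_flags)
Packet = Tuple[int, str, int, str, int, str]

# Flag combinations a victim's TCP stack sends back to spoofed SYNs; seeing
# them arrive at unused address space is the hallmark of backscatter (assumed).
REPLY_FLAGS = {"SA", "RA", "R"}
WINDOW_SECONDS = 600  # assumed aggregation period


def extract_features(packets: List[Packet], window: int = WINDOW_SECONDS
                     ) -> Dict[Tuple[int, str], List[float]]:
    """Per (window index, source host): [reply_ratio, dst_port_diversity,
    src_port_diversity, bias]. Assumed features, a simplification of the
    paper's 17 IP/port statistics."""
    groups = defaultdict(list)
    for ts, src_ip, sport, _dst_ip, dport, flags in packets:
        groups[(ts // window, src_ip)].append((sport, dport, flags))
    feats = {}
    for key, rows in groups.items():
        n = len(rows)
        reply_ratio = sum(1 for _, _, fl in rows if fl in REPLY_FLAGS) / n
        dst_port_div = len({dp for _, dp, _ in rows}) / n   # random in backscatter
        src_port_div = len({sp for sp, _, _ in rows}) / n   # random in scanning
        feats[key] = [reply_ratio, dst_port_div, src_port_div, 1.0]
    return feats


class OnlineLinearSVM:
    """Linear classifier trained on the hinge loss; one update() per window
    keeps the boundary following the latest labelled traffic (assumed stand-in
    for the paper's periodically retrained SVM)."""

    def __init__(self, n_features: int, lr: float = 1.0, max_epochs: int = 100):
        self.w = [0.0] * n_features
        self.lr, self.max_epochs = lr, max_epochs

    def score(self, x: List[float]) -> float:
        return sum(wi * xi for wi, xi in zip(self.w, x))

    def predict(self, x: List[float]) -> int:
        return 1 if self.score(x) >= 0 else -1

    def update(self, xs: List[List[float]], ys: List[int]) -> int:
        """Sweep the window until every example meets the unit margin (or
        max_epochs); returns the number of subgradient steps taken."""
        steps = 0
        for _ in range(self.max_epochs):
            changed = False
            for x, y in zip(xs, ys):
                if y * self.score(x) < 1.0:          # hinge loss is active
                    self.w = [wi + self.lr * y * xi for wi, xi in zip(self.w, x)]
                    changed, steps = True, steps + 1
            if not changed:
                break
        return steps


def f_measure(y_true: List[int], y_pred: List[int], positive: int = 1) -> float:
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p == positive)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t != positive and p == positive)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p != positive)
    if tp == 0:
        return 0.0
    precision, recall = tp / (tp + fp), tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def constructed_window(w: int) -> Tuple[List[Packet], Dict[str, int]]:
    """Constructed sensor traffic for window w (192.0.2.0/24 plays the darknet).
    Ground truth per host: +1 backscatter, -1 other (scanning)."""
    base, pkts, labels = w * WINDOW_SECONDS, [], {}
    victim = f"203.0.113.{10 + w}"        # SYN-flood victim: SYN/ACK replies
    for i in range(20):
        pkts.append((base + i, victim, 80, f"192.0.2.{i}", 1024 + 37 * i, "SA"))
    labels[victim] = 1
    victim2 = f"203.0.113.{50 + w}"       # flood at a closed port: RST replies
    for i in range(15):
        pkts.append((base + i, victim2, 8080, f"192.0.2.{100 + i}", 2000 + 53 * i, "RA"))
    labels[victim2] = 1
    scanner = f"198.51.100.{7 + w}"       # one SYN per address, fixed dst port
    for i in range(25):
        pkts.append((base + i, scanner, 40000 + i, f"192.0.2.{200 + i}", 23, "S"))
    labels[scanner] = -1
    scanner2 = f"198.51.100.{70 + w}"     # slow scanner cycling three src ports
    for i in range(10):
        pkts.append((base + i, scanner2, 51000 + i % 3, f"192.0.2.{230 + i}", 445, "S"))
    labels[scanner2] = -1
    return pkts, labels


def run_demo(n_windows: int = 2) -> List[float]:
    """Fold each window's labelled hosts into the model, then score that
    window; returns the per-window F-measure."""
    model, scores = OnlineLinearSVM(n_features=4), []
    for w in range(n_windows):
        pkts, labels = constructed_window(w)
        feats = extract_features(pkts)
        hosts = sorted(h for (_, h) in feats)
        xs, ys = [feats[(w, h)] for h in hosts], [labels[h] for h in hosts]
        model.update(xs, ys)
        scores.append(f_measure(ys, [model.predict(x) for x in xs]))
    return scores


if __name__ == "__main__":
    print(run_demo())  # per-window F-measure on the constructed traffic
```

The labels come with the constructed traffic; in practice they would come from analyst triage or a ground-truth source such as the one the paper used, and the window length sets the trade-off between how quickly the model follows a new attack pattern and how many packets each host's feature vector is built from.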



Author information

Correspondence to Nobuaki Furutani.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Furutani, N., Kitazono, J., Ozawa, S., Ban, T., Nakazato, J., Shimamura, J. (2015). Adaptive DDoS-Event Detection from Big Darknet Traffic Data. In: Arik, S., Huang, T., Lai, W., Liu, Q. (eds) Neural Information Processing. ICONIP 2015. Lecture Notes in Computer Science, vol 9492. Springer, Cham. https://doi.org/10.1007/978-3-319-26561-2_45


  • DOI: https://doi.org/10.1007/978-3-319-26561-2_45


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26560-5

  • Online ISBN: 978-3-319-26561-2

  • eBook Packages: Computer Science (R0)
