Abstract
The work presented in this paper is an implementation of a design of a DDoS simulation testbed that uses parameter estimation and probability fitting of source IP address features of a network. We explored the issue of lack of adequate and recent evaluation datasets, we therefore designed a way that can be used to generate synthetic data that simulates a DDoS attack. We found that the Gaussian probability distribution best represents the normal operations of a network, while the Poisson probability distribution represents the operations of a network under a DDoS attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gluhak, A., et al.: A survey on facilities for experimental internet of things research. Commun. Mag. IEEE 49(11), 58–67 (2011)
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Forrester Consulting. “The trends and Changing Landscape of DDoS Threats and Protection” (2009)
Bhattacharyya, D.K., Kalita, J.K.: DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance (2016)
Kupreev, O., Badovskaya, E., Gutnikov, A.: Kaspersky Report: DDoS attacks in Q2 2020 (2020)
Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44(5), 643–666 (2004)
Bhuyan, M.H., et al.: Detecting distributed denial of service attacks: methods, tools and future directions. Comput. J. 57, bxt031 (2013)
Mirkovic, J., Reiher, P.: D-WARD: a source-end defense against flooding denial-of-service attacks. IEEE Trans. Dependable Secure Comput. 2(3), 216–232 (2005)
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network traffic anomaly detection techniques and systems. In: Network Traffic Anomaly Detection and Prevention (2017)
Ahmed, E., et al.: Use of ip addresses for high rate flooding attack detection. In: IFIP International Information Security Conference (2010)
Barford, P., Plonka, D.: Characteristics of network traffic flow anomalies. In: Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement (2001)
Feinstein, L. et al.: Statistical approaches to DDoS attack detection and response. In: Proceedings DARPA Information Survivability Conference and Exposition (2003)
Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. ACM SIGCOMM Comput. Commun. Rev. 35(4), 217–228 (2005)
Wagner, A., Plattner, B.: Entropy based worm and anomaly detection in fast IP networks. In: 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05) (2005)
Peng, T., Leckie, C., Ramamohanarao, K.: Protection from distributed denial of service attacks using history-based IP filtering. In: IEEE International Conference On Communications, ICC 2003 (2003)
Le, Q., Zhanikeev, M., Tanaka, Y.: Methods of distinguishing flash crowds from spoofed DoS attacks. In: 2007 Next Generation Internet Networks (2007)
Bhatia, S., et al.: A framework for generating realistic traffic for distributed denial-of-service attacks and flash events. Comput. Secur. 40, 95–107 (2014)
Tartakovsky, A.G., Polunchenko, A.S., Sokolov, G.: Efficient computer network anomaly detection by changepoint detection methods. IEEE J. Select. Topics Signal Process. 7(1), 4–11 (2013)
Bhuyan, M.H., Bhattacharyya, D., Kalita, J.K.: An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recog. Lett. 51, 1–7 (2015)
Erhan, D., Anarım, E.: Statistical properties of DDoS attacks. In: 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT) (2019)
Li, K. et al.: Effective DDoS attacks detection using generalized entropy metric. In: International Conference on Algorithms and Architectures for Parallel Processing (2009)
Machaka, P., Nelwamondo, F.: Data mining techniques for distributed denial of service attacks detection in the internet of things: a research survey. In: Data Mining Trends and Applications in Criminal Science and Investigations (2016)
Page, E.: Continuous inspection schemes. In: Biometrika, pp. 100–115 (1954)
Roberts, S.: Control chart tests based on geometric moving averages. Technometrics 1(3), 239–250 (1959)
Machaka, P., Bagula, A., Nelwamondo, F.: Using exponentially weighted moving average algorithm to defend against DDoS attacks. In: 2016 Pattern Recognition Association of South Africa and Robotics and Mechatronics International Conference (PRASA-RobMech) (2016)
Machaka, P., et al.: Using the cumulative sum algorithm against distributed denial of service attacks in internet of things. In: International Conference on Context-Aware Systems and Applications (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Machaka, P., Bagula, A. (2021). Statistical Properties and Modelling of DDoS Attacks. In: Vinh, P.C., Rakib, A. (eds) Context-Aware Systems and Applications, and Nature of Computation and Communication. ICCASA ICTCC 2020 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 343. Springer, Cham. https://doi.org/10.1007/978-3-030-67101-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-67101-3_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-67100-6
Online ISBN: 978-3-030-67101-3
eBook Packages: Computer ScienceComputer Science (R0)