Advertisement

Microsystem Technologies

, Volume 23, Issue 3, pp 593–611 | Cite as

DyProSD: a dynamic protocol specific defense for high-rate DDoS flooding attacks

  • Debojit Boro
  • Dhruba K. Bhattacharyya
Technical Paper

Abstract

High-rate distributed denial of service (HDDoS) flooding attacks pose as a major threat to the Internet. Most present solutions based on machine learning approach are inept for detecting the attacks in real time due to high processing overhead. In this paper, we present a defense solution referred to as DyProSD that combines both the merits of feature-based and statistical approach to handle HDDoS flooding attacks. The statistical module marks the suspicious traffic and forwards to an ensemble of classifiers for ascertaining the traffic as malicious or normal. Our method filters the attack traffic protocol specifically by allocating various protocol specific filter engines dynamically. As and when DDoS attack occurs and the load of a filter engine reaches beyond its capable limit, a new filter engine is recruited dynamically from the idle resource pool for filtering, thus guaranteeing the quality of service for legitimate users concurrently. We establish the effectiveness of DyProSD through several experimental analysis and real-world dataset experiments and the results indicate enough confidence in favour of our solution.

Keywords

Attack Detection Packet Arrival Rate Incoming Traffic Flooding Attack Traffic Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgments

This work is supported by Ministry of Human Resource and Development (MHRD), Government of India, under Frontier Areas of Science and Technology (FAST).

References

  1. Ahmed E, Mohay G, Tickle A, Bhatia S (2010) Use of ip addresses for high rate flooding attack detection. Security and privacy—silver linings in the cloud. Springer, Berlin, pp 124–135CrossRefGoogle Scholar
  2. Basseville M (1989) Distance measures for signal processing and pattern recognition. Signal Process 18(4):349–369MathSciNetCrossRefGoogle Scholar
  3. Bhattacharyya D, Kalita J (2013) Network anomaly detection: a machine learning perspective. CRC Press, Boca RatonGoogle Scholar
  4. Boro D, Bhattacharyya DK (2015) Particle swarm optimisation-based KNN for improving KNN and ensemble classification performance. Int J Innov Comput Appl IJICA 6(3/4):145–162CrossRefGoogle Scholar
  5. CAIDA (2007) The CAIDA DDoS Attack 2007 Dataset. In: CAIDA-Center for Applied Internet Data Analysis. http://www.caida.org
  6. CAIDA (2013) The CAIDA Anonymized Internet Traces 2013 Dataset. In: CAIDA-Center for Applied Internet Data Analysis. http://www.caida.org
  7. Chen SW, Wu JX, Ye XL, Guo T (2013) Distributed denial of service attacks detection method based on conditional random fields. J Netw 8(4):858–865Google Scholar
  8. Chen Y, Das S, Dhar P, Saddik AE, Nayak A (2008) Detecting and preventing IP-spoofed distributed DoS attacks. Int J Netw Secur 7(1):70–81Google Scholar
  9. Dietrich S, Goddard N, Long N (2000) Analyzing distributed denial of service tools: the Shaft case. Proc. USENIX LISA 2000:329–339Google Scholar
  10. Highleyman WH (2012) Islamic Hacktivists attack U.S. Banks. In: Availability Digests. http://www.availabilitydigest.com/public_articles/0710/bank_attacks.pdf
  11. Highleyman WH (2013a) History’s largest DDoS attack? In: Availability Digests. http://www.availabilitydigest.com/public_articles/0804/spamhaus.pdf
  12. Highleyman WH (2013b) Surviving DNS DDoS attacks. In: Availability Digests. http://www.availabilitydigest.com/public_articles/0811/secure64.pdf
  13. Jung J, Krishnamurthy B, Rabinovich M (2002) Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proc 11th Int Conf World Wide Web, ACM, pp 293–304Google Scholar
  14. Liu H, Sun Y, Valgenti VC, Kim MS (2011) TrustGuard: a flow-level reputation-based DDoS defense system. In: IEEE consumer communications and networking conf. (CCNC), IEEE, pp 287–291Google Scholar
  15. Liu J, Yang X, Ghaboosi K, Deng H, Zhang J (2009) Botnet: classification, attacks, detection, tracing, and preventive measures. EURASIP J Wirel Commun Netw 2009(9):1–11Google Scholar
  16. MIT Lincoln Laboratory Datasets (1999) 1999 DARPA intrusion detection dataset. In: DARPA intrusion detection evaluation. https://www.ll.mit.edu/ideval/data/1999data.html
  17. Opitz D, Maclin R (1999) Popular ensemble methods: an empirical study. J Art Intell Res 11:169–198zbMATHGoogle Scholar
  18. Paxson V (2001) An analysis of using reflectors for distributed denial-of-service attacks. SIGCOMM Comput Commun Rev 31(3):38–47CrossRefGoogle Scholar
  19. Polikar R (2006) Ensemble based systems in decision making. IEEE Circuits Syst Mag 6(3):21–45CrossRefGoogle Scholar
  20. Preetha G, Devi BSK, Shalinie SM (2014) Autonomous agent for DDoS attack detection and defense in an experimental testbed. Int J Fuzzy Syst 16(4):520–528Google Scholar
  21. Puri R (2003) Bots and botnet: an overview. In: SANS Institute Information Security Reading RoomGoogle Scholar
  22. Rahmani H, Sahli N, Kamoun F (2012) DDoS flooding attack detection scheme based on F-divergence. Comput Commun 35(11):1380–1391CrossRefGoogle Scholar
  23. Rawal B, Ramcharan H, Tsetse A (2013) Emergence of DDoS resistant augmented Split architecture. In: 10th Int. Conf. high capacity optical networks and enabling technologies (HONET-CNS), IEEE, pp 37–43Google Scholar
  24. Renyi A (1961) On measures of entropy and information. In: Proceedings of the 4th Berkeley symposium on mathematical statistics and probability, University of California Press, pp 547–561Google Scholar
  25. Rokach L (2010) Ensemble-based classifiers. Art Intell Rev 33:1–39CrossRefGoogle Scholar
  26. Salem O, Makke A, Tajer J, Mehaoua A (2011) Flooding attacks detection in traffic of backbone networks. In: IEEE 36th conf. on local computer networks, IEEE, pp 441–449Google Scholar
  27. Shannon CE (1948) A mathematical theory of communication. Bell Syst Tech J 27:379–423MathSciNetCrossRefzbMATHGoogle Scholar
  28. Tang J, Cheng Y, Hao Y, Song W (2014) SIP flooding attack detection with a multi-dimensional sketch design. IEEE Trans Depend Secure Comput 11(6):582–595CrossRefGoogle Scholar
  29. Wolpert DH (1992) Stacked generalization. Neural Netw 5:241–259CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringTezpur UniversityTezpurIndia

Personalised recommendations