
DDoS-Attacks Identification Based on the Methods of Traffic Dynamic Filtration and Bayesian Classification

  • Conference paper
  • Modern Information Technology and IT Education (SITITO 2018)

Abstract

An approach to the problem of identifying DDoS attacks is considered. It comprises three tasks: forming secondary informative features of the temporal structure of network traffic from the observed primary characteristics (data packet headers), detecting attacks, and classifying attack types. The first task is solved by the method of dynamic filtering; the second by estimating changes in the statistics of the secondary informative features of traffic from the minimum set of their observations; the third by Bayesian classification. For dynamic filtering of traffic it is suggested to use the causal transformation operator, the evolution operator, and the median and correlation operators. For attack detection, Wald's sequential analysis is applied. Experimental studies were conducted on a test stand with a special software complex for simulating DDoS attacks and a software complex for their detection and identification. The results achieved by our software complex for DDoS attack detection and identification are: detection of network attacks of various types based on joint consideration of probabilistic statistics generated separately from the values of the parameters of the address and load fields of data packet headers; use of the obtained statistics to detect attacks with a priori specified values of type I and type II errors; and the choice of an adequate method of protection against DDoS attacks, taking its type into account.
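As an added illustration of the detection step described above (example code, not from the paper), Wald's sequential probability ratio test is run over a constructed stream of per-window packet counts, standing in for one of the paper's secondary traffic features, with the type I and type II error rates fixed a priori. The Poisson count model, the normal and attack rates, the error values and the count stream are all assumptions; the paper does not specify its feature model.

```python
import math
from typing import List, Optional, Tuple

# Constructed values for illustration only; none are taken from the paper.
LAM_NORMAL = 50.0  # lambda_0: mean packets per window under H0 (normal traffic)
LAM_ATTACK = 60.0  # lambda_1: mean packets per window under H1 (flood)
ALPHA = 0.01       # a priori type I error (false alarm)
BETA = 0.05        # a priori type II error (missed attack)
# Per-window packet counts: ten normal windows, then a moderate flood.
WINDOW_COUNTS = [48, 52, 47, 55, 49, 51, 53, 46, 50, 54,
                 62, 65, 58, 70, 66, 72, 68, 75]


def wald_thresholds(alpha: float, beta: float) -> Tuple[float, float]:
    """Wald's SPRT limits in log form: (ln B, ln A)."""
    upper = math.log((1.0 - beta) / alpha)  # crossing it accepts H1 (attack)
    lower = math.log(beta / (1.0 - alpha))  # crossing it accepts H0 (normal)
    return lower, upper


def poisson_llr(x: int, lam0: float, lam1: float) -> float:
    """Log-likelihood ratio ln[P(x|lam1) / P(x|lam0)] of one Poisson count."""
    return x * math.log(lam1 / lam0) - (lam1 - lam0)


def sprt_monitor(counts, lam0, lam1, alpha, beta) -> List[Tuple[int, str]]:
    """Continuous SPRT: the cumulative LLR is reset after each terminal decision
    so monitoring resumes on the next window. Returns (window index, decision)."""
    lower, upper = wald_thresholds(alpha, beta)
    decisions, llr = [], 0.0
    for i, x in enumerate(counts, start=1):
        llr += poisson_llr(x, lam0, lam1)
        if llr >= upper:
            decisions.append((i, "attack"))
            llr = 0.0
        elif llr <= lower:
            decisions.append((i, "normal"))
            llr = 0.0
    return decisions


def first_attack_window(decisions) -> Optional[int]:
    return next((i for i, d in decisions if d == "attack"), None)


def expected_windows_under_attack(lam0, lam1, alpha, beta) -> float:
    """Wald's approximation of the mean sample number when H1 is true."""
    lower, upper = wald_thresholds(alpha, beta)
    mean_step = lam1 * math.log(lam1 / lam0) - (lam1 - lam0)  # E1[z] per window
    return ((1.0 - beta) * upper + beta * lower) / mean_step
```

With these constructed values the flood starting at window 11 is declared at window 14, close to Wald's predicted mean of about 4.4 attack windows per decision, which is the "minimum set of observations" property the abstract refers to.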



Corresponding author: Andrey Krasnov.

Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Krasnov, A., Nadezhdin, E., Nikol’skii, D., Panov, P. (2020). DDoS-Attacks Identification Based on the Methods of Traffic Dynamic Filtration and Bayesian Classification. In: Sukhomlin, V., Zubareva, E. (eds) Modern Information Technology and IT Education. SITITO 2018. Communications in Computer and Information Science, vol 1201. Springer, Cham. https://doi.org/10.1007/978-3-030-46895-8_22

  • DOI: https://doi.org/10.1007/978-3-030-46895-8_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-46894-1

  • Online ISBN: 978-3-030-46895-8

  • eBook Packages: Computer Science, Computer Science (R0)