Abstract
An approach to identifying DDoS attacks is considered. It comprises three tasks: forming secondary informative features of the temporal structure of network traffic from the observed primary characteristics (data-packet headers), detecting attacks, and classifying attack types. The first task is solved by dynamic filtering; the second by estimating changes in the statistics of the secondary informative features from the minimum set of their observations; the third by Bayesian classification. For dynamic filtering of traffic, the causal transformation operator, the evolution operator, and median and correlation operators are proposed. For attack detection, Wald's sequential analysis is applied. Experimental studies were conducted on a test stand with a special software complex for simulating DDoS attacks and a software complex for their detection and identification. The software complex for DDoS attack detection and identification achieves: detection of network attacks of various types based on joint consideration of probabilistic statistics generated separately from the values of the address and load fields of data-packet headers; use of the obtained statistics to detect attacks with a priori specified probabilities of type I and type II errors; and selection of an adequate method of protection against a DDoS attack, taking its type into account.
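As an added illustration of the three-stage pipeline the abstract describes (dynamic filtering of a secondary traffic feature, Wald's sequential test with preset type I and type II error probabilities, then Bayesian classification of the attack type), the following Python example is not the authors' code and does not reproduce their operators. A causal sliding median stands in for the median operator, the sequential test assumes a Poisson rate-shift model for one per-second feature, and the packet counts, feature names, attack-type labels and class parameters are all constructed.

```python
import math
from statistics import median

# Constructed input (not from the paper): one secondary feature per second,
# e.g. SYN packets/s derived from packet headers. Baseline ~20/s, a single
# legitimate burst at t=4, and a sustained flood of ~35/s from t=8 onward.
PACKET_COUNTS = [20, 22, 19, 21, 70, 20, 18, 22, 33, 36, 34, 37, 35, 38, 36, 35]


def causal_median_filter(xs, width=3):
    """Causal sliding median (stand-in for the paper's median operator):
    each output depends only on the current and the width-1 previous samples,
    so it can run online, and it suppresses isolated spikes."""
    return [median(xs[max(0, i - width + 1): i + 1]) for i in range(len(xs))]


def sprt_monitor(xs, lam0, lam1, alpha, beta):
    """Restarting Wald SPRT for a rate shift Poisson(lam0) -> Poisson(lam1).
    alpha = false-alarm (type I) probability, beta = missed-detection (type II).
    Returns the index of the first sample at which H1 (attack) is accepted,
    or None. After an H0 decision the statistic is reset so monitoring continues."""
    upper = math.log((1 - beta) / alpha)   # accept H1 at or above this
    lower = math.log(beta / (1 - alpha))   # accept H0 at or below this
    step = math.log(lam1 / lam0)
    llr = 0.0
    for i, x in enumerate(xs):
        llr += x * step - (lam1 - lam0)    # Poisson log-likelihood ratio term
        if llr >= upper:
            return i
        if llr <= lower:
            llr = 0.0                      # H0 accepted: restart the test
    return None


# Bayesian classification of the detected attack's type.
# Constructed class-conditional Gaussians over two secondary features:
#   src_spread: distinct source addresses per 1000 packets (address fields)
#   mean_load:  mean payload bytes per packet (load fields)
# Means, standard deviations, priors and type labels are illustrative only.
ATTACK_MODELS = {
    "spoofed_syn_flood": {"prior": 0.5, "src_spread": (900.0, 80.0), "mean_load": (10.0, 8.0)},
    "http_flood":        {"prior": 0.5, "src_spread": (60.0, 30.0),  "mean_load": (400.0, 120.0)},
}


def _log_gauss(x, mu, sigma):
    return -0.5 * ((x - mu) / sigma) ** 2 - math.log(sigma * math.sqrt(2 * math.pi))


def classify_attack(features, models=ATTACK_MODELS):
    """Naive-Bayes MAP decision over the given features.
    Returns (most probable type, dict of normalised posteriors)."""
    log_post = {}
    for name, m in models.items():
        lp = math.log(m["prior"])
        for feat, value in features.items():
            mu, sigma = m[feat]
            lp += _log_gauss(value, mu, sigma)
        log_post[name] = lp
    z = max(log_post.values())                       # log-sum-exp for stability
    norm = sum(math.exp(v - z) for v in log_post.values())
    posterior = {k: math.exp(v - z) / norm for k, v in log_post.items()}
    return max(posterior, key=posterior.get), posterior


if __name__ == "__main__":
    raw_hit = sprt_monitor(PACKET_COUNTS, 20, 30, 0.01, 0.05)
    filt_hit = sprt_monitor(causal_median_filter(PACKET_COUNTS), 20, 30, 0.01, 0.05)
    print("raw series: attack accepted at t =", raw_hit)        # the isolated burst
    print("filtered series: attack accepted at t =", filt_hit)  # the sustained flood
    print(classify_attack({"src_spread": 850.0, "mean_load": 12.0}))
```

With alpha = 0.01 and beta = 0.05 the SPRT thresholds are ln(95) and ln(0.05/0.99); no fixed sample size is chosen, the test stops as soon as the accumulated evidence crosses either bound. On the raw series the single burst at t=4 alone pushes the statistic past the upper bound (a false alarm), whereas on the median-filtered series the burst is removed and the flood is accepted at t=11 after three consecutive elevated samples, which is the reason the paper places dynamic filtering before detection.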
© 2020 Springer Nature Switzerland AG
Cite this paper
Krasnov, A., Nadezhdin, E., Nikol’skii, D., Panov, P. (2020). DDoS-Attacks Identification Based on the Methods of Traffic Dynamic Filtration and Bayesian Classification. In: Sukhomlin, V., Zubareva, E. (eds) Modern Information Technology and IT Education. SITITO 2018. Communications in Computer and Information Science, vol 1201. Springer, Cham. https://doi.org/10.1007/978-3-030-46895-8_22
DOI: https://doi.org/10.1007/978-3-030-46895-8_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-46894-1
Online ISBN: 978-3-030-46895-8
eBook Packages: Computer Science (R0)