Abstract
Distributed denial-of-service (DDoS) is a very powerful attack on Internet resources as well as system resources. Hence, it is imperative to detect these attacks in real time; otherwise the impact cannot be resisted. In this work we propose a new method that applies the cumulative sum (CUSUM) algorithm to track variations of the attack characteristic variable X(n) in the observed traffic (specific to different kinds of attacks) and raises an alarm based on a threshold. However, a threshold-based mechanism often produces many false alarms. An Adaptive Neuro-Fuzzy Inference System (ANFIS), which is capable of removing the abrupt separation between normality and abnormality as well as appropriately selecting the membership function parameters, is used to detect attacks based on the CUSUM values. The detection mechanism is well corroborated by experimental results.
This work is a part of the CDBR-Smart and Secure Environment project sponsored by NTRO, New Delhi, India.
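The abstract gives no formulas, so the following is an added example, not the authors' code: the standard one-sided non-parametric CUSUM recursion applied to a constructed X(n) series, with the drift `a` and threshold `N` as assumed parameters. It shows how the threshold choice trades false alarms against detection delay, the weakness of a hard threshold that the ANFIS stage is meant to address.

```python
"""One-sided non-parametric CUSUM over an attack characteristic variable X(n)."""
from dataclasses import dataclass


@dataclass
class Cusum:
    drift: float      # a: assumed upper bound on the mean of X(n) under normal traffic
    threshold: float  # N: assumed alarm threshold on the accumulated statistic
    y: float = 0.0    # current CUSUM value y_n

    def update(self, x: float) -> bool:
        # y_n = max(0, y_{n-1} + (X_n - a)): stays near zero while X_n is below a
        # on average, and grows steadily once the mean of X_n shifts above a.
        self.y = max(0.0, self.y + (x - self.drift))
        return self.y > self.threshold


def first_alarm(series, drift, threshold):
    """Return (index of the first alarm or None, list of CUSUM values)."""
    detector, values, alarm = Cusum(drift, threshold), [], None
    for n, x in enumerate(series):
        fired = detector.update(x)
        values.append(round(detector.y, 3))
        if fired and alarm is None:
            alarm = n
    return alarm, values


# Constructed sample values of X(n), one per observation interval (not from the paper).
NORMAL = [0.05, 0.10, 0.02, 0.60, 0.08, 0.04, 0.12, 0.03]  # benign burst at n=3
ATTACK = [0.90, 1.10, 1.30, 1.20, 1.40]                    # sustained shift from n=8
SERIES = NORMAL + ATTACK

if __name__ == "__main__":
    for N in (0.2, 1.0, 2.0):
        alarm, values = first_alarm(SERIES, drift=0.35, threshold=N)
        kind = "false alarm" if alarm is not None and alarm < len(NORMAL) else "attack"
        print(f"N={N}: first alarm at n={alarm} ({kind})")
    print("CUSUM values:", first_alarm(SERIES, 0.35, 1.0)[1])
```

With the low threshold the single benign burst at n=3 already raises an alarm, while the higher thresholds ignore it at the cost of one or two intervals of detection delay after the attack starts at n=8.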
Copyright information
© 2012 Springer-Verlag GmbH Berlin Heidelberg
About this paper
Cite this paper
Anitha, R., Karthik, R., Pravin, V., Thirugnanam, K. (2012). A Real Time Detection of Distributed Denial-of-Service Attacks Using Cumulative Sum Algorithm and Adaptive Neuro-Fuzzy Inference System. In: Wyld, D., Zizka, J., Nagamalai, D. (eds) Advances in Computer Science, Engineering & Applications. Advances in Intelligent Systems and Computing, vol 167. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30111-7_74
DOI: https://doi.org/10.1007/978-3-642-30111-7_74
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30110-0
Online ISBN: 978-3-642-30111-7
eBook Packages: Engineering, Engineering (R0)