Skip to main content
SpringerLink
Log in

Protection of DDoS Attacks at the Application Layer: HyperLogLog (HLL) Cardinality Estimation

  • Conference paper
  • First Online:
Cognitive Informatics and Soft Computing

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1317))

Abstract

Distributed denial-of-service attacks are one of the toughest attacks on Web applications. All of this is targeted at draining the network storage bandwidth and is known as DDoS attacks on the network layer. DDoS attacks recently started to hit the application layer. These attacks can be conducted with a comparatively small number of attacks in contrast to network layer attacks. They often use legal layer software, making it hard to identify existing security mechanisms. Count distinct or cardinality estimates are commonly used in defense network surveillance. For example, they may be used to identify the spread of ransomware, network scans or server attack. There are several cardinality-estimating algorithms. One of the most commonly  used method was HyperLogLog (HLL). HLL is simple, offers a large range of cardinality estimates, takes only a limited amount of memory and makes it easy to combine the estimates from dissimilar sources. Though, HLL will itself is the targets of attacking individuals who wish to stop being observed as it is widely used to detect attacks. In this letter, we take an initial step in exposing a DDoS attacks and vulnerability of HLL that lets an attacker to manipulate its estimate. This displays the importance of designing secure HLL implementations. In the second part of the letter, we propose an effective protection technique to identify as well as avoid the HLL manipulation. The outcomes highlight the need to further study protection of DDoS attacks and HLL’s safety since it is widely used in several computing applications as well as networking.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Praseed, A., Thilagam, P.S.: DDoS attacks at the application layer: challenges and research perspectives for safeguarding Web applications. IEEE Commun. Surveys Tutorials 21, 661–685 (2018)

    Article  Google Scholar 

  2. Yadav, S., Subramanian, S.: Detection of application layer DDoS attack by feature learning using stacked AutoEncoder. In: 2016 International Conference on Computational Techniques in Information and Communication Technologies (ICCTICT), pp. 361–366 (2016)

    Google Scholar 

  3. Devi, S.R., Yogesh P.: An effective approach to counter application layer DDoS attacks. In: 2012 Third International Conference on Computing, Communication and Networking Technologies (ICCCNT’12), pp. 1–4 (2012)

    Google Scholar 

  4. Sivabalan, S., Radcliffe P.J.: A novel framework to detect and block DDoS attack at the application layer. In: IEEE 2013 Tencon-Spring, pp. 578–582 (2013)

    Google Scholar 

  5. Bhosale, K.S., Nenova, M., Iliev, G.: The distributed denial of service attacks (DDoS) prevention mechanisms on application layer. In: 2017 13th International Conference on Advanced Technologies, Systems and Services in Telecommunications (TELSIKS), pp. 136–139 (2017)

    Google Scholar 

  6. Harmouch, H., Naumann, F.: Cardinality estimation: an experimental survey. Proc. VLDB Endowment 11, 499–512 (2017)

    Article  Google Scholar 

  7. Najafabadi, M. M., Khoshgoftaar, T.M., Calvert, C., Kemp, C.: User behavior anomaly detection for application layer DDoS attacks. In: 2017 IEEE International Conference on Information Reuse and Integration (IRI), pp. 154–161 (2017)

    Google Scholar 

  8. Rajesh, D., Sivakalai, R.: Detection and isolation of attacks in manet using ts-aomdv. Int. J. MC Square Sci. Res. 8, 170–182 (2016)

    Google Scholar 

  9. Chinnaiah, B., Prasad, C.: Confined home automation system using smartphone based on hybrid module. Int. J. Sci. Technol. Res. 9, 770–773 (2020)

    Google Scholar 

  10. Chinnaiah, B.: Multistage Interconnection Networks in Reliability Shuffle Exchange Networks, pp. 571–581. Springer (2019)

    Google Scholar 

  11. Chinnaiah B.: CEP Support for Detection of Application Layer Attacks. In IEEE Conference on CICT’2018, IEEE UP Chapter, pp. 1–5, (2018).

    Google Scholar 

  12. Chinnaiah, B.: Performance analysis of detection and prediction of DDoS attacks in LRWPAN MAC layer using fuzzy systems. Int. J. Pure Appl. Mathe. 118, 747–753 (2018)

    Google Scholar 

  13. Beckett, D., Sezer, S., McCanny, J.: New sensing technique for detecting application layer DDoS attacks targeting back-end database resources. In: 2017 IEEE International Conference on Communications (ICC), pp. 1–7 (2017)

    Google Scholar 

  14. Kachavimath, A.V., Nazare, S.V., Akki, S.S.: Distributed denial of service attack detection using Naïve Bayes and K-Nearest neighbour for network forensics. In: 2020 2nd International Conference on Innovative Mechanisms for Industry Applications (ICIMIA), pp. 711–717 (2020)

    Google Scholar 

  15. Khalaf, B.A., Mostafa, S.A., Mustapha, A., Abdullah, N.: An adaptive model for detection and prevention of DDoS and flash crowd flooding attacks. In: 2018 International Symposium on Agent, Multi-Agent Systems and Robotics (ISAMSR), pp. 1–6 (2018)

    Google Scholar 

  16. Afek, Y., Bremler-Barr, A., Cohen, E., Feibish, S.L., Shagam, M.: Efficient distinct heavy hitters for DNS DDoS attack detection. arXiv preprint arXiv:1612.02636 (2016)

  17. Reviriego, P., Ting D.: Security of HyperLogLog HLL) cardinality estimation vulnerabilities and protection. IEEE Commun. Lett. (2020)

    Google Scholar 

  18. Bozkus, C., Fraguela, B.B.: Accelerating the HyperLogLog cardinality estimation algorithm. In: Scientific Programming (2017)

    Google Scholar 

  19. Liu, H., Xu, M., Yu, Z., Corvinelli, V., Zuzarte, C.: Cardinality estimation using neural networks. In: Proceedings of the 25th Annual International Conference on Computer Science and Software Engineering, pp. 53–59 (2015)

    Google Scholar 

  20. Chinnaiah, B.: An overview: CEP support for detection of application layer attacks. Int. J. Pure Appl. Mathe. 118, 51–55 (2018)

    Google Scholar 

  21. Balarengadurai, C., Saraswathi, S.: Comparative analysis of detection of DDoS attacks in IEEE 802.15.4 low rate wireless personal area network. In: Proceedings of Elsevier Procedia Engineering, vol. 38, pp. 3855–3863 (2012)

    Google Scholar 

  22. Balarengadurai, C., Saraswathi, S.: Detection of jamming attacks in IEEE 802.15.4 low rate wireless personal area network using fuzzy systems. In: IEEE Explore, pp. 32-38 (2012)

    Google Scholar 

  23. Balarengadurai, C., Saraswathi, S.: A Fuzzy based detection technique for jamming attacks in IEEE 802.15.4 low rate wireless personal area networks. In: Proceeding of IEEE Explore, pp. 253–259 (2015)

    Google Scholar 

  24. Balarengadurai, C., Saraswathi, S.: Fuzzy logic-based detection of DDoS attacks in IEEE 802.15.4 low rate wireless personal area network. Indersci. Int. J. Trust Manage. Comput. Commun. 1, 243–260 (2013)

    Google Scholar 

  25. Balarengadurai, C., Saraswathi, S.: A fuzzy logic system for detecting ping pong effect attack in IEEE 802.15.4 low rate wireless personal area network. J. Adv. Intell. Syst. Comput.-Springer Verlag. 182, 405–416 (2013)

    Google Scholar 

  26. C Balarengadurai C., Saraswathi S.: Fuzzy based detection and prediction of DDoS attacks in IEEE 802.15.4 low rate wireless personal area network. Int. J. Comput. Sci. 10, 293–310 (2013)

    Google Scholar 

  27. Lokesh, C.H., Balarengadurai, C.: Prevention of authentication problems using quantum cryptography. Int. J. Res. Electron. Comput. Eng. 6, 737–740 (2018)

    Google Scholar 

  28. Anil, K.K., Balarengadurai, C.: Prevention of misbehaving users in unknown networks. Int. J. Res. Electron. Comput. Eng. 6, 753–756 (2018)

    Google Scholar 

  29. Hemalatha, R.J., Vijaybaskar, V., Thamizhvani, T.R.: Automatic localization of anatomical regions in medical ultrasound images of rheumatoid arthritis using deep learning. Proc. Inst. Mech. Eng. 233, 657–667 (2019)

    Article  Google Scholar 

  30. Narayanan, K.L., Ramesh, G.P.: Vlsi architecture for 2D-discrete wavelet transform (DWT) based lifting method. Indian J. Public Health Res. Develop. 8, 644–649 (2017)

    Article  Google Scholar 

  31. Chabchoub, Y., Chiky, R., Dogan, B.: How can sliding HyperLogLog and EWMA detect port scan attacks in IP traffic? EURASIP J. Informat. Sec. 1 (2014)

    Google Scholar 

  32. Swaminathan, M.: Data mining based malicious application detection of android. Int. J. MC Square Sci. Res. 10, 8–16 (2018)

    Google Scholar 

  33. Bhoi, A.K., Mallick, P.K., Liu, C.M., Balas, V.E.: Bio-inspired Neurocomputing. Springer Nature (2021)

    Google Scholar 

  34. Mishra, S., Tripathy, H.K., Mallick, P.K., Bhoi, A.K., Barsocchi, P.: EAGA-MLP-an enhanced and adaptive hybrid classification model for diabetes diagnosis. Sensors 20, 4036 (2020)

    Article  Google Scholar 

  35. Mallick, P.K., Balas, V.E., Bhoi, A.K., Zobaa, A.F. (eds.): Cognitive Informatics and Soft Computing: Proceeding of CISC 2017, vol. 768 (2019)

    Google Scholar 

  36. Mallick, P.K., Balas, V.E., Bhoi, A.K., Chae, G.-S. (eds.): Cognitive Informatics and Soft Computing: Proceeding of CISC 2019, vol. 768 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Marri Laxman Reddy Institute of Technology and Management, Hyderabad, India

    Balarengadurai Chinnaiah

Authors
  1. Balarengadurai Chinnaiah
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Engineering, Kalinga Institute of Industrial Technology, Bhubaneswar, Odisha, India

    Pradeep Kumar Mallick

  2. Department of Electrical and Electronics Engineering, Sikkim Manipal Institute of Technology, Sikkim Manipal University, Majitar, India

    Akash Kumar Bhoi

  3. Polytechnic of Coimbra, ESTGOH, Rua General Santos Costa, Oliveira do Hospital, Portugal

    Gonçalo Marques

  4. Graduate Program on Teleinformatics Engineering, Federal University of Ceará, Fortaleza/CE, Brazil

    Victor Hugo C. de Albuquerque

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chinnaiah, B. (2021). Protection of DDoS Attacks at the Application Layer: HyperLogLog (HLL) Cardinality Estimation. In: Mallick, P.K., Bhoi, A.K., Marques, G., Hugo C. de Albuquerque, V. (eds) Cognitive Informatics and Soft Computing. Advances in Intelligent Systems and Computing, vol 1317. Springer, Singapore. https://doi.org/10.1007/978-981-16-1056-1_46

Download citation

Publish with us

Policies and ethics

Search

Navigation