Top

Published in:

2020 | OriginalPaper | Chapter

DDoS-Attacks Identification Based on the Methods of Traffic Dynamic Filtration and Bayesian Classification

Authors : Andrey Krasnov, Evgeniy Nadezhdin, Dmitri Nikol’skii, Petr Panov

Published in: Modern Information Technology and IT Education

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

An approach to the problem of DDoS attacks identifying is considered, it includes: formation of network traffic’s secondary informative features of its temporal structure, based on the observed primary characteristics (header of data packets), detection of attacks, and classification of attack types. The first task is solved by the method of dynamic filtering, the second – by estimating of changes in the statistic of traffic secondary informative features by the minimum set of their observations, and the third – by the Bayesian classification. For traffic dynamic filtering, it is suggested to use: the causal transformation operator, the evolution operator, and median and correlation operators. For attacks detection, Wald’s sequential analysis is applied. Experimental studies were conducted on the test stand with special software complex for simulating DDoS attacks and software complex for their detection and identification. The results that our software complex for DDoS attacks detection and identification achieves are: detection of network attacks of various types based on joint consideration of probabilistic statistics generated separately by the values of parameters of address and load fields of data packet headers; using the obtained statistics to detect attacks with a priori specified values of errors of the 1st and 2nd type; the choice of an adequate method of protection against DDoS-attacks, taking into account its type.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter On the Problem of Correctness and Stability of Composite Indices of Complex Systems

next chapter Source Code Authorship Identification Using Tokenization and Boosting Algorithms

Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004). https://doi.org/10.1145/997150.997156CrossRef

Sindhu Arumugam, D.V., Sumathi, M.V.P.: Detection of botnet using fuzzy C-means clustering by analyzing the network traffic. Int. J. Sci. Eng. Res. 6(4), 475–479 (2015)

Raghavan, S.V., Dawson, E. (eds.): An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks: Critical Information Infrastructure Protection, 1st edn. Springer, New Delhi (2011). https://doi.org/10.1007/978-81-322-0277-6CrossRef

Sanders, C.: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 2nd edn. No Starch Press Inc, San Francisco (2011)

Bhattacharyya, D.K., Kalita, J.K.: DDoS Attacks. Evolution, Detection, Prevention, Reaction and Tolerance. Taylor and Francis, Boca Raton (2016)CrossRef

Bonguet, A., Bellaiche, M.: A survey of denial-of-service and distributed denial of service attacks and defenses in cloud computing. Future Internet 9(3), 43 (2017). https://doi.org/10.3390/fi9030043CrossRef

Liu, Y., Zhang, L., Guan, Y.: Sketch-based streaming PCA algorithm for network-wide traffic anomaly detection. In: 2010 IEEE 30th International Conference on Distributed Computing Systems, pp. 807–816. Department of Electrical and Computer Engineering Iowa State University, Ames (2010). https://doi.org/10.1109/icdcs.2010.45

Srihari, V., Anitha, R.: DDoS detection system using wavelet features and semi-supervised learning. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds.) SSCC 2014. CCIS, vol. 467, pp. 291–303. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44966-0_28CrossRef

Kind, A., Stoecklin, M.P., Dimitropoulos, X.: Histogram-based traffic anomaly detection. IEEE Trans. Netw. Serv. Manage. 6(2), 110–121 (2009). https://doi.org/10.1109/TNSM.2009.090604CrossRef

10.

Catania, C.A., Bromberg, F., Garino, C.G.: An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection. Expert Syst. Appl. 39(2), 1822–1829 (2012). https://doi.org/10.1016/j.eswa.2011.08.068CrossRef

11.

Ye, J., Cheng, X., Zhu, J., Feng, L., Song, L.: A DDoS attack detection method based on SVM in software defined network. Secur. Commun. Netw. 2018 (2018). Article no. 9804061. http://doi.org/10.1155/2018/9804061

12.

Yuan, J., Mills, K.: Monitoring the macroscopic effect of DDoS flooding attacks. IEEE Trans. Dependable Secure Comput. 2(4), 324–335 (2005). https://doi.org/10.1109/TDSC.2005.50CrossRef

13.

Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Traffic classification through simple statistical fingerprinting. ACM SIGCOMM Comput. Commun. Rev. 37(1), 5–16 (2007). https://doi.org/10.1145/1198255.1198257CrossRef

14.

Reddy, V.S., Rao, K.D., Lakshmi, P.S.: Efficient detection of DDoS attacks by entropy variation. IOSR J. Comput. Eng. 7(1), 13–18 (2012). https://doi.org/10.9790/0661-0711318CrossRef

15.

Yu, S., Zhou, W., Jia, S., Guo, W., Xiang, Y., Tang, F.: Discriminating DDoS attacks from flash crowds using flow correlation coefficient. IEEE Trans. Parallel Distrib. Syst. 23(6), 1073–1080 (2012). https://doi.org/10.1109/TPDS.2011.262CrossRef

16.

Galayev, V.S., Krasnov, A.E., Nikol’skii, D.N., Repin, D.S.: The space of structural features for increasing the effectiveness of algorithms for detecting network attacks, based on the detection of deviations in traffic of extremely large volumes. Int. J. Appl. Eng. Res. 12(21), 10781–10790 (2017)

17.

Ke, L., Wanlei, Z., Ping, L., Jianwen, L.: Distinguishing DDoS attacks from flash crowds using probability metrics. In: 2009 IEEE Third International Conference on Network and System Security, pp. 9–17. School of Engineering and Information Technology Deakin University, Shanghai (2009). https://doi.org/10.1109/nss.2009.35

18.

Chawla, S., Sachdeva, M., Behal, S.: Discrimination of DDoS attacks and flash events using pearson’s product moment correlation method. Int. J. Comput. Sci. Inf. Secur. 14(10), 382–389 (2016)

19.

Malina, L., Dzurenda, P., Hajny, J.: Testing of DDoS protection solutions. In: Security and Protection of Information 2015, Brno, Czech, pp. 113–128 (2015)

20.

Chen, J.H., Zhong, M., Chen, F.J., Zhang, A.D.: DDoS defense system with turing test and neural network. In: IEEE International Conference on Granular Computing, Hangzhou, China, pp. 38–43 (2012) https://doi.org/10.1109/grc.2012.6468680

21.

Gupta, B.B., Joshi, R.C., Misra, M.: ANN based scheme to predict number of zombies in a DDoS attack. Int. J. Netw. Secur. 14(2), 61–70 (2012)

22.

Saied, A., Overill, R.E., Radzik, T.: Detection of known and unknown DDoS attacks using Artificial Neural Networks. Neurocomputing 172(C), 385–393 (2016). https://doi.org/10.1016/j.neucom.2015.04.101CrossRef

23.

Baishya, R.C., Hoque, N., Bhattacharyya, D.K.: DDoS attack detection using unique source IP deviation. Int. J. Netw. Secur. 19(6), 929–939 (2017). https://doi.org/10.6633/IJNS.201711.19(6).09)CrossRef

24.

Thang, T.M., Nguyen, V.K.: Synflood spoof source DDoS attack defence based on packet ID anomaly detection - PIDAD. Information Science and Applications (ICISA) 2016. LNEE, vol. 376, pp. 739–751. Springer, Singapore (2016). https://doi.org/10.1007/978-981-10-0557-2_72CrossRef

25.

Chen, C.M., Lin, H.C.: Detecting botnet by anomalous traffic. J. Inf. Secur. Appl. 21, 42–51 (2015). https://doi.org/10.1016/j.jisa.2014.05.002CrossRef

26.

Dietrich, C.J., Rossow, C., Pohlmann, N.: CoCoSpot: clustering and recognizing botnet command and control channels using traffic analysis. Comput. Netw. 57(2), 475–486 (2013). https://doi.org/10.1016/j.comnet.2012.06.019CrossRef

27.

Terzi, D.S., Terzi, R., Sagiroglu, S.: Big data analytics for network anomaly detection from net flow data. In: 2017 IEEE International Conference of Computer Science and Engineering (UBMK), Antalya, Turkey, pp. 592–597 (2017) https://doi.org/10.1109/ubmk.2017.8093473

28.

Lu, W., Rammidi, G., Ghorbani, A.A.: Clustering botnet communication traffic based on n-gram feature selection. Comput. Commun. 34(3), 502–514 (2011). https://doi.org/10.1016/j.comcom.2010.04.007CrossRef

29.

Wang, K., Huang, C.-Y., Lin, S.-J., Lin, Y.-D.: A fuzzy pattern-based filtering algorithm for botnet detection. Comput. Netw. 55(15), 3275–3286 (2011). https://doi.org/10.1016/j.comnet.2011.05.026CrossRef

30.

Krasnov, A.E., Nadezhdin, E.N., Galayev, V.S., Zykova, E.A., Nikol’skii, D.N., Repin, D.S.: DDoS attack detection based on network traffic phase coordinates analysis. Int. J. Appl. Eng. Res. 13(8), 5647–5654 (2018)

31.

Nolte, D.D.: The tangled tale of phase space. Phys. Today 63(4), 31–33 (2010). https://doi.org/10.1063/1.3397041CrossRef

32.

Krasnov, A.E., Nadezhdin, E.N., Nikol’skii, D.N., Repin, D.S., Galayev, V.S.: Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics. Bull. Udmurt Univ. Math. Mech. Comput. Sci. 28(3), 407–418 (2018). [in Russian]. https://doi.org/10.20537/vm180310

33.

Demidovich, B.P.: Lectures on the Mathematical Theory of Stability. Nauka, Moscow (1967). [in Russian]MATH

34.

Sitenko, A.G.: Scattering Theory (Lecture Course), 2nd edn. Viwa shkola, Kiev (1975). [in Russian]

35.

Peano, G.: Intégration par séries des équations différentielles linéaires. Math. Ann. 32, 450–456 (1888). https://doi.org/10.1007/BF01443609MathSciNetCrossRefMATH

36.

Dyson, F.J.: The S matrix in quantum electrodynamics. Phys. Rev. 75(11), 1736–1755 (1949). https://doi.org/10.1103/PhysRev.75.1736MathSciNetCrossRefMATH

37.

Wald, A.: Sequential Analysis. Wiley, New York (1947)MATH

38.

Krasnov, A.E., Nadezhdin, E.N., Nikol’ski, D.N., Repin, D.S.: Concept of the DDoS-attack detection database complex on the basis of intellectual analysis of network traffic. In: Kolesnikov, A.V. (ed.) Proceedings of the IV All-Russian Pospelovsky Conference with International Participation “Hybrid and Synergetic Intellectual Systems”, pp. 349–354. Immanuel Kant Baltic Federal University, Kaliningrad (2018). [in Russian]. https://elibrary.ru/item.asp?id=34914854&

Title: DDoS-Attacks Identification Based on the Methods of Traffic Dynamic Filtration and Bayesian Classification
Authors: Andrey Krasnov
Evgeniy Nadezhdin
Dmitri Nikol’skii
Petr Panov
Publisher: Springer International Publishing
Book: Modern Information Technology and IT Education
Print ISBN: 978-3-030-46894-1

Electronic ISBN: 978-3-030-46895-8

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-46895-8_22

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner