Top

Microsystem Technologies

Published in:

18-05-2016 | Technical Paper

DyProSD: a dynamic protocol specific defense for high-rate DDoS flooding attacks

Authors: Debojit Boro, Dhruba K. Bhattacharyya

Published in: Microsystem Technologies | Issue 3/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

High-rate distributed denial of service (HDDoS) flooding attacks pose as a major threat to the Internet. Most present solutions based on machine learning approach are inept for detecting the attacks in real time due to high processing overhead. In this paper, we present a defense solution referred to as DyProSD that combines both the merits of feature-based and statistical approach to handle HDDoS flooding attacks. The statistical module marks the suspicious traffic and forwards to an ensemble of classifiers for ascertaining the traffic as malicious or normal. Our method filters the attack traffic protocol specifically by allocating various protocol specific filter engines dynamically. As and when DDoS attack occurs and the load of a filter engine reaches beyond its capable limit, a new filter engine is recruited dynamically from the idle resource pool for filtering, thus guaranteeing the quality of service for legitimate users concurrently. We establish the effectiveness of DyProSD through several experimental analysis and real-world dataset experiments and the results indicate enough confidence in favour of our solution.

previous article Wide range-low jitter PLL design for serializer

next article Enhancing data delivery with density controlled clustering in wireless sensor networks

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

http://www.techworld.com/news/security/worlds-largest-ddos-attack-reached-400gbps-says-arbor-networks-3595715/.

Ahmed E, Mohay G, Tickle A, Bhatia S (2010) Use of ip addresses for high rate flooding attack detection. Security and privacy—silver linings in the cloud. Springer, Berlin, pp 124–135CrossRef

Basseville M (1989) Distance measures for signal processing and pattern recognition. Signal Process 18(4):349–369MathSciNetCrossRef

Bhattacharyya D, Kalita J (2013) Network anomaly detection: a machine learning perspective. CRC Press, Boca Raton

Boro D, Bhattacharyya DK (2015) Particle swarm optimisation-based KNN for improving KNN and ensemble classification performance. Int J Innov Comput Appl IJICA 6(3/4):145–162CrossRef

CAIDA (2007) The CAIDA DDoS Attack 2007 Dataset. In: CAIDA-Center for Applied Internet Data Analysis. http://www.caida.org

CAIDA (2013) The CAIDA Anonymized Internet Traces 2013 Dataset. In: CAIDA-Center for Applied Internet Data Analysis. http://www.caida.org

Chen SW, Wu JX, Ye XL, Guo T (2013) Distributed denial of service attacks detection method based on conditional random fields. J Netw 8(4):858–865

Chen Y, Das S, Dhar P, Saddik AE, Nayak A (2008) Detecting and preventing IP-spoofed distributed DoS attacks. Int J Netw Secur 7(1):70–81

Dietrich S, Goddard N, Long N (2000) Analyzing distributed denial of service tools: the Shaft case. Proc. USENIX LISA 2000:329–339

Highleyman WH (2012) Islamic Hacktivists attack U.S. Banks. In: Availability Digests. http://www.availabilitydigest.com/public_articles/0710/bank_attacks.pdf

Highleyman WH (2013a) History’s largest DDoS attack? In: Availability Digests. http://www.availabilitydigest.com/public_articles/0804/spamhaus.pdf

Highleyman WH (2013b) Surviving DNS DDoS attacks. In: Availability Digests. http://www.availabilitydigest.com/public_articles/0811/secure64.pdf

Jung J, Krishnamurthy B, Rabinovich M (2002) Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proc 11th Int Conf World Wide Web, ACM, pp 293–304

Liu H, Sun Y, Valgenti VC, Kim MS (2011) TrustGuard: a flow-level reputation-based DDoS defense system. In: IEEE consumer communications and networking conf. (CCNC), IEEE, pp 287–291

Liu J, Yang X, Ghaboosi K, Deng H, Zhang J (2009) Botnet: classification, attacks, detection, tracing, and preventive measures. EURASIP J Wirel Commun Netw 2009(9):1–11

MIT Lincoln Laboratory Datasets (1999) 1999 DARPA intrusion detection dataset. In: DARPA intrusion detection evaluation. https://www.ll.mit.edu/ideval/data/1999data.html

Opitz D, Maclin R (1999) Popular ensemble methods: an empirical study. J Art Intell Res 11:169–198MATH

Paxson V (2001) An analysis of using reflectors for distributed denial-of-service attacks. SIGCOMM Comput Commun Rev 31(3):38–47CrossRef

Polikar R (2006) Ensemble based systems in decision making. IEEE Circuits Syst Mag 6(3):21–45CrossRef

Preetha G, Devi BSK, Shalinie SM (2014) Autonomous agent for DDoS attack detection and defense in an experimental testbed. Int J Fuzzy Syst 16(4):520–528

Puri R (2003) Bots and botnet: an overview. In: SANS Institute Information Security Reading Room

Rahmani H, Sahli N, Kamoun F (2012) DDoS flooding attack detection scheme based on F-divergence. Comput Commun 35(11):1380–1391CrossRef

Rawal B, Ramcharan H, Tsetse A (2013) Emergence of DDoS resistant augmented Split architecture. In: 10th Int. Conf. high capacity optical networks and enabling technologies (HONET-CNS), IEEE, pp 37–43

Renyi A (1961) On measures of entropy and information. In: Proceedings of the 4th Berkeley symposium on mathematical statistics and probability, University of California Press, pp 547–561

Rokach L (2010) Ensemble-based classifiers. Art Intell Rev 33:1–39CrossRef

Salem O, Makke A, Tajer J, Mehaoua A (2011) Flooding attacks detection in traffic of backbone networks. In: IEEE 36th conf. on local computer networks, IEEE, pp 441–449

Shannon CE (1948) A mathematical theory of communication. Bell Syst Tech J 27:379–423MathSciNetCrossRefMATH

Tang J, Cheng Y, Hao Y, Song W (2014) SIP flooding attack detection with a multi-dimensional sketch design. IEEE Trans Depend Secure Comput 11(6):582–595CrossRef

Wolpert DH (1992) Stacked generalization. Neural Netw 5:241–259CrossRef

Title: DyProSD: a dynamic protocol specific defense for high-rate DDoS flooding attacks
Authors: Debojit Boro
Dhruba K. Bhattacharyya
Publication date: 18-05-2016
Publisher: Springer Berlin Heidelberg
Published in: Microsystem Technologies / Issue 3/2017
Print ISSN: 0946-7076
Electronic ISSN: 1432-1858
DOI: https://doi.org/10.1007/s00542-016-2978-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Other articles of this Issue 3/2017

Design optimization of capillary-driven micromixer with square-wave microchannel for blood plasma mixing

Electrical and morphological characterization of platinum thin-films with various adhesion layers for high temperature applications

Special issue on computing, communication and sensor network: CCSN, Puri, Odisha, India, 2014

An edge preserving IBP based super resolution image reconstruction using P-spline and MuCSO-QPSO algorithm

Rice-like CuO nanostructures for sensitive electrochemical sensing of hydrazine

Erratum to: Landing point location algorithm based on asynchronous time difference of arrival (ATDOA) method