Published in: Telecommunication Systems 1/2018

24-08-2017

Reducing false rate packet recognition using Dual Counting Bloom Filter

Authors: Ivica Dodig, Vlado Sruk, Davor Cafuta


Abstract

Distributed Denial of Service (DDoS) attacks are a serious threat to Internet security. A lot of research effort focuses on having detection and prevention methods on the victim server side or source side. The Bloom filter is a space-efficient data structure used to support pattern matching problems. The filter is utilised in network applications for deep packet inspection of headers and contents and also looks for predefined strings to detect irregularities. In intrusion detection systems, the accuracy of pattern matching algorithms is crucial for dependable detection of matching pairs, and its complexity usually poses a critical performance bottleneck. In this paper, we will propose a novel Dual Counting Bloom Filter (DCBF) data structure to decrease false detection of matching packets applicable for the \(\textit{SACK}^2\) algorithm. A theoretical evaluation will determine the false rate probability of detection and requirements for increased memory. The proposed approach significantly reduces the false rate compared to previously published results. The results indicate that the increased complexity of the DCBF does not affect efficient implementation of hardware for embedded systems that are resource constrained. The experimental evaluation was performed using extensive simulations based on real Internet traces of a wide area network link, and it was subsequently proved that DCBF significantly reduces the false rate.

Metadata

Title: Reducing false rate packet recognition using Dual Counting Bloom Filter
Authors: Ivica Dodig, Vlado Sruk, Davor Cafuta
Publication date: 24-08-2017
Publisher: Springer US
Published in: Telecommunication Systems / Issue 1/2018
Print ISSN: 1018-4864
Electronic ISSN: 1572-9451
DOI: https://doi.org/10.1007/s11235-017-0375-3
