Section
|
Computer science
|
Title
|
Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics
|
Author(-s)
|
Krasnov A.E.a,
Nadezhdin E.N.a,
Nikol'skii D.N.a,
Repin D.S.a,
Galyaev V.S.a
|
Affiliations
|
State Institute of Information Technologies and Telecommunicationsa
|
Abstract
|
This paper presents an improved approach previously developed by the authors for detection of DDoS attacks. It uses traffic evolution and dynamical operators, which makes it possible to take into consideration interrelations observed for data packets headers of traffic. It is assumed that each traffic state (normal state and anomalous attacked states) can be described by unique temporal patterns of characteristics generated by unknown linear dynamical operators. Interrelations between values of network traffic characteristics in different discrete time samples are determined by the evolution operator. The approach was applied for classification of three traffic states: normal and two abnormal (HTTP flood and SlowLoris DDoS attacks). The results prove that it is possible to distinguish normal and abnormal traffic states by hash functions of address and load fields of traffic data packets.
|
Keywords
|
network traffic, DDoS attack, detection, dynamical operator, evolution operator, hash function, classification
|
UDC
|
517.28, 530.181
|
MSC
|
90B20, 47A62
|
DOI
|
10.20537/vm180310
|
Received
|
15 June 2018
|
Language
|
Russian
|
Citation
|
Krasnov A.E., Nadezhdin E.N., Nikol'skii D.N., Repin D.S., Galyaev V.S. Detecting DDoS attacks by analyzing the dynamics and interrelation of network traffic characteristics, Vestnik Udmurtskogo Universiteta. Matematika. Mekhanika. Komp'yuternye Nauki, 2018, vol. 28, issue 3, pp. 407-418.
|
References
|
- Zeb K., Baig O., Asif M.K. DDoS attacks and countermeasures in cyberspace, 2015 2nd World Symposium on Web Applications and Networking (WSWAN), IEEE, 2015. DOI: 10.1109/WSWAN.2015.7210322
- Singh K., Dhindsa K.S., Bhushan B. Distributed defense: an edge over centralized defense against DDoS attacks, International Journal of Computer Network and Information Security (IJCNIS), 2017, vol. 9, no. 3, pp. 36-44.
- Bhattacharyya D.K., Kalita J.K. DDoS attacks: evolution, detection, prevention, reaction, and tolerance. CRC Press, 2016, 312 p.
- Li M. An approach to reliably identifying signs of DDoS flood attacks based on LRD traffic pattern recognition, Computers and Security, 2004, vol. 23, no. 7, pp. 549-558. DOI: 10.1016/j.cose.2004.04.005
- Yu S., Zhou W., Jia W., Guo S., Xiang Y., Tang F. Discriminating DDoS attacks from flash crowds using flow correlation coefficient, IEEE Transactions on Parallel and Distributed Systems, 2012, vol. 23, issue 6, pp. 1073-1080. DOI: 10.1109/TPDS.2011.262
- Jin S., Yeung D.S. A covariance analysis model for DDoS attack detection, 2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577), IEEE, 2004. DOI: 10.1109/icc.2004.1312847
- Wu Z., Wang M., Zhang H., Liu X. Correlation-based detection of LDoS attack, Journal of Software, 2012, vol. 7, no. 10. DOI: 10.4304/jsw.7.10.2341-2348
- Kotenko I., Fedorchenko A., Saenko I., Kushnerevich A. Big data technologies for security event correlation based on event type accounting, Voprosy Kiberbezopasnosti, 2017, no. 5 (24), pp. 2-16 (in Russian). DOI: 10.21681/2311-3456-2017-5-2-16
- Cheng C.M., Kung H.T., Tan K.S. Use of spectral analysis in defense against DoS attacks, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE, 2002. DOI: 10.1109/glocom.2002.1189011
- Chen Y., Hwang K. Spectral analysis of TCP flows for defense against reduction-of-quality attacks, 2007 IEEE International Conference on Communications, IEEE, 2007. DOI: 10.1109/icc.2007.204
- Fouladi R.F., Seifpoor T., Anarim E. Frequency characteristics of DoS and DDoS attacks, 2013 21st Signal Processing and Communications Applications Conference (SIU), IEEE, 2013. DOI: 10.1109/SIU.2013.6531200
- Fouladi R.F., Kayatas C.E., Anarim E. Frequency based DDoS attack detection approach using naive Bayes classification, 2016 39th International Conference on Telecommunications and Signal Processing (TSP), IEEE, 2016. DOI: 10.1109/TSP.2016.7760838
- Li L., Lee G. DDoS attack detection and wavelets, Telecommunication Systems, 2005, vol. 28, issue 3-4, pp. 435-451. DOI: 10.1007/s11235-004-5581-0
- Li M., Li M. A new approach for detecting DDoS attacks based on wavelet analysis, 2009 2nd International Congress on Image and Signal Processing, IEEE, 2009. DOI: 10.1109/CISP.2009.5300903
- Salagean M., Firoiu I. Anomaly detection of network traffic based on analytical discrete wavelet transform, 2010 8th International Conference on Communications, IEEE, 2010. DOI: 10.1109/ICCOMM.2010.5509071
- Dingde J., Wenda Q., Laisen N., Cheng Y., Rongfang L. Time-frequency detection algorithm of network traffic anomalies, International Proceedings of Computer Science and Information Technology, 2012, vol. 36, pp. 103-108. http://www.ipcsit.com/vol36/021-ICIIM2012-M0053.pdf
- Cheng J., Yin J., Liu Y., Cai Z., Wu C. DDoS attack detection using IP address feature interaction, 2009 International Conference on Intelligent Networking and Collaborative Systems, IEEE, 2009. DOI: 10.1109/incos.2009.34
- Galayev V.S., Krasnov A.E., Nikol'skii D.N., Repin D.S. The space of structural features for increasing the efficiency of the algorithms for detecting network attacks, based on the detection of anomalies in the traffic of extremely large volumes, International Journal of Applied Engineering Research, 2017, vol. 12, no. 21, pp. 10781-10790. http://www.ripublication.com/ijaer17/ijaerv12n21_35.pdf
- Demidovich B.P. Lektsii po matematicheskoi teorii ustoichivosti (Lectures on the mathematical theory of stability), Moscow: Nauka, 1967, 472 p.
- Sitenko A.G. Teoriya rasseyaniya (kurs lektsii) (Theory of scattering (course of lectures)), Kiev: Vishcha Shkola, 1975, 256 p.
- Peano G. Integration par series des equations differentielles lineaires, Mathematische Annalen, 1888, vol. 32, issue 3, pp. 450-456. DOI: 10.1007/BF01443609
- Dyson F.J. The radiation theories of Tomonaga, Schwinger, and Feynman, Physical Review, 1949, vol. 75, issue 3, pp. 486-502. DOI: 10.1103/physrev.75.486
- Krasnov A.E., Nadezhdin E.N., Nikol'skii D.N., Galyaev V.S. Application of the evolution operator method to the analysis of multidimensional time series, Algebra, Number Theory and Discrete Geometry: modern problems and applications: Proceedings of XV International Conference dedicated to the centenary of the birth of Professor Nikolai Mikhailovich Korobov, Tula State Pedagogical University, Tula, 2018, pp. 313-316 (in Russian). http://www.mathnet.ru/ConfLogos/1304/Conference2018_1.pdf
- Wald A. Sequential analysis. J. Wiley & Sons, Inc., New York, 1947, 212 p.
- Krasnov A.E., Nadezhdin E.N., Galayev V.S., Zykova E.A., Nikol'skii D.N., Repin D.S. DDoS attack detection based on network traffic phase coordinates analysis, International Journal of Applied Engineering Research, 2018, vol. 13, no. 8, pp. 5647-5654. http://www.ripublication.com/ijaer18/ijaerv13n8_11.pdf
|
Full text
|
|