Anomaly Based Approach for Defending Denial of Service Attack in Web Traffic
Keywords:
Anomaly Approach, Distributed Denial of Service Attack, DDOS Attack
Abstract
Distributed Denial of Service (DDoS) attacks have become a great threat to internet security. A DDoS attack is an advanced form of the Denial of Service (DoS) attack. It changes its whole origin ID, which makes it difficult to trace, and it has become a serious threat to internet security. Almost all traditional services, such as bank websites, power resources, medical and educational institutions, and the military, have been extended to the World Wide Web, and so many people widely use internet services. As internet use becomes mandatory for many users, attacks on network security are also increasing. Current DDoS attacks are carried out by hacking tools, viruses and botnets, using different packet-transmission strategies and various forms of attack packets to beat defense systems. As a result, defense systems require various detection methods in order to identify attacks. But DDoS attacks can mix in their traffic during flash crowds. When they do, defense systems cannot detect the attack traffic in time. A Denial of Service (DoS) attack is a potentially damaging attack which degrades the performance of online servers in no time. It performs an intensive attack on the target server by flooding it with large useless packets. Our Triangular MCA based DoS attack detection system employs the principle of anomaly-based detection in attack recognition. Coping with such damaging attacks has become a challenge for researchers. Preventing and avoiding this attack mainly focuses on the development of network-based detection mechanisms. Detection systems based on these techniques monitor traffic transmitted over the protected networks. This makes our solution capable of detecting known and unknown DoS attacks effectively by learning the patterns of legitimate network traffic only. In this paper, detection of denial of service attacks is done using an anomaly-based approach, multivariate correlation analysis.
Copyright (c) 2015 COMPUSOFT: An International Journal of Advanced Computer Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.