A hybrid defense mechanism for DDoS attacks using cluster analysis in MANET

Mobile Ad-hoc Networks (MANETs) provide direct peer-to-peer communication between mobile nodes without any infrastructure. During data transfer, an attacker may initiate a Distributed Denial of Service (DDoS) attack that interferes with the entire communication. In this paper, we propose a Hybrid Defense Mechanism based on Cluster Analysis. The network traffic is investigated for the existence of DDoS using Cluster Analysis. The traffic thus investigated is subjected to XOR marking, which marks the non-legitimate traffic. This helps identify the node initiating the DDoS attack, thereby isolating that node from further communication. We evaluate our method experimentally on the 2000 DARPA Intrusion Detection Scenario Specific Data Set. The experimental results show that our proposed scheme is effective in identifying DDoS attacks.
